Cleaning base and improving overlay dev
This commit is contained in:
parent
0d3f60db94
commit
240029f2dc
@ -1,6 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1alpha1
|
||||
kind: Component
|
||||
namespace: nextcloud
|
||||
|
||||
configurations:
|
||||
- ./configurations/cnpg-config.yaml
|
||||
|
@ -2,7 +2,6 @@ apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: nextcloud-postgres
|
||||
namespace: nextcloud
|
||||
spec:
|
||||
instances: 1
|
||||
primaryUpdateStrategy: unsupervised
|
||||
|
@ -1,6 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1alpha1
|
||||
kind: Component
|
||||
namespace: nextcloud
|
||||
|
||||
resources:
|
||||
- deployment.yaml
|
||||
|
@ -1,16 +1,11 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: nextcloud
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
# référence à l'exemple cadoles.
|
||||
# cela force la mise à jours des secret en questions liés aux ressources ayant le labels "tenant" lorsque modifié
|
||||
configurations:
|
||||
#- https://forge.cadoles.com/CadolesKube/c-kustom/raw/branch/develop/base/minio/configurations/tenants.minio.min.io.yaml
|
||||
# => importé en locale pour pouvoir faire un kustomize build
|
||||
- ./resources/nextcloud/resources/files/minio/configurations/tenants.minio.min.io.yaml
|
||||
|
||||
resources:
|
||||
- ./resources/nextcloud
|
||||
|
@ -1,65 +1,43 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
# namespace: nextcloud
|
||||
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true # suppression des suffixe en hash en bout de nom
|
||||
|
||||
resources:
|
||||
- ./resources/deployment.yaml
|
||||
# - ./resources/namespace.yaml
|
||||
- ./resources/nextcloud-tenant.yaml
|
||||
- ./resources/nextcloud-service.yaml
|
||||
- ./resources/pvc.yaml
|
||||
- ./resources/job.yaml
|
||||
- ./resources/ConfigMap.yaml
|
||||
- ./resources/nextcloud-rolebinding.yaml
|
||||
- ./resources/nextcloud-role.yaml
|
||||
- ./resources/nextcloud-serviceaccount.yaml
|
||||
- ./resources/ingress.yaml
|
||||
- ./resources/ConfigMap-ldap-script.yaml
|
||||
- ./resources/ConfigMap-plugins.yaml
|
||||
|
||||
|
||||
#- ./resources/secret.yaml
|
||||
|
||||
- ./resources/pvc/00-main.yaml
|
||||
- ./resources/pvc/01-html.yaml
|
||||
- ./resources/pvc/02-data.yaml
|
||||
- ./resources/pvc/03-config.yaml
|
||||
- ./resources/pvc/04-custom.yaml
|
||||
- ./resources/pvc/06-tmp.yaml
|
||||
- ./resources/pvc/07-themes.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: nextcloud-parameters
|
||||
files:
|
||||
- ./resources/files/parameters.yaml
|
||||
- name: nextcloud-env
|
||||
literals:
|
||||
- MINIO_SERVICE_NAME=$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT) # pas nécessaire je pense
|
||||
- MINIO_SERVICE_HOST=minio
|
||||
- MINIO_SERVICE_PORT=443
|
||||
- NEXTCLOUD_ADMIN_USER="admin"
|
||||
- NEXTCLOUD_ADMIN_PASSWORD="cadoles" # 5
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.fr"
|
||||
- PHP_MEMORY_LIMIT="512M"
|
||||
- PHP_UPLOAD_LIMIT="4G"
|
||||
- MAIL_FROM_ADDRESS="user"
|
||||
- MAIL_DOMAIN="cadoles.fr"
|
||||
- SMTP_HOST="smtp.cadoles.com"
|
||||
- SMTP_SECURE="ssl"
|
||||
- SMTP_PORT="465"
|
||||
- SMTP_AUTHTYPE="LOGIN"
|
||||
|
||||
secretGenerator:
|
||||
# Voir https://github.com/minio/operator/issues/856
|
||||
- name: nextcloud-minio-user
|
||||
literals:
|
||||
- CONSOLE_ACCESS_KEY=minio_root
|
||||
- CONSOLE_SECRET_KEY=MinioRootNotSoSecret
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
# Voir https://github.com/minio/operator/issues/856
|
||||
- name: nextcloud-minio-configuration
|
||||
files:
|
||||
- ./resources/files/minio/config.env # A modifier si modification mot de passe et user CONSOLE [ACCESS-SECRET]
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
- name: nextcloud-smtp
|
||||
literals:
|
||||
- smtp-username=ouchemail
|
||||
- smtp-password=HjkEHJ2676yiu2
|
||||
- smtp-username=secretuser
|
||||
- smtp-password=secretpassword
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
vars: # génération d'information pour wait-for-bootstrap du pod nextcloud
|
||||
- name: MINIO_BOOTSTRAP_JOB_NAME
|
||||
objref:
|
||||
name: create-minio-bucket
|
||||
kind: Job
|
||||
apiVersion: batch/v1
|
||||
fieldref:
|
||||
fieldpath: metadata.name
|
||||
|
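Review bot: The `nextcloud-env` ConfigMap literals (`NEXTCLOUD_ADMIN_PASSWORD="cadoles"`) and the `secretGenerator` literals (`CONSOLE_SECRET_KEY=MinioRootNotSoSecret`, `smtp-password=HjkEHJ2676yiu2`) commit plaintext credentials to the repository, and the admin password additionally lands in a ConfigMap, which any principal with configmap read in the namespace can dump. Move the admin password out of `nextcloud-env` into a Secret consumed via `secretKeyRef`, and feed the generators from an env file kept out of VCS (`envs: [./resources/files/smtp.env]`) or from SOPS/SealedSecret/ExternalSecret material. Two `smtp-username`/`smtp-password` pairs are visible in this hunk and the rendered page does not show which side is current; if `HjkEHJ2676yiu2` was ever a real mailbox credential it is now in git history and should be rotated regardless. With `disableNameSuffixHash: true` on every generator a rotated value will also not roll the Deployment, which is worth a comment such as `# no hash suffix: rotate secrets, then restart the Deployment by hand`.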
@ -1,46 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-ldap
|
||||
data:
|
||||
poststart-ldap.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
NEXTCLOUD_READY=0
|
||||
MAX_RETRIES=30
|
||||
RETRY_INTERVAL=10
|
||||
|
||||
touch /etc/script/validator.txt
|
||||
# Vérifiez si LDAP est déjà activé
|
||||
# if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then
|
||||
# Activez le module LDAP si ce n'est pas déjà fait
|
||||
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
#fi
|
||||
for i in $(seq 1 $MAX_RETRIES); do
|
||||
if curl -fsS "http://localhost/status.php" > /dev/null; then
|
||||
NEXTCLOUD_READY=1
|
||||
break
|
||||
else
|
||||
echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/validator.txt
|
||||
sleep $RETRY_INTERVAL
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $NEXTCLOUD_READY -eq 0 ]; then
|
||||
echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation LDAP." >> /etc/script/validator.txt
|
||||
exit 1
|
||||
fi
|
||||
|
||||
su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
|
||||
# Configurez LDAP (configuration minimale)
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapHost --value='ldap.example.com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapBase --value='dc=example,dc=com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentName --value='cn=admin,dc=example,dc=com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentPassword --value='your_password'" www-data
|
||||
|
||||
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
|
||||
#exec /entrypoint.sh "$@"
|
||||
|
||||
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
# est fonctionnel dans le pods nextcloud !
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-plugins
|
||||
data:
|
||||
poststart-plugins.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
NEXTCLOUD_READY=0
|
||||
MAX_RETRIES=30
|
||||
RETRY_INTERVAL=10
|
||||
|
||||
touch /etc/script/plugins.txt
|
||||
|
||||
for i in $(seq 1 $MAX_RETRIES); do
|
||||
if curl -fsS "http://localhost/status.php" > /dev/null; then
|
||||
NEXTCLOUD_READY=1
|
||||
break
|
||||
else
|
||||
echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/plugins.txt
|
||||
sleep $RETRY_INTERVAL
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $NEXTCLOUD_READY -eq 0 ]; then
|
||||
echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation des plugins." >> /etc/script/plugins.txt
|
||||
exit 1
|
||||
fi
|
||||
|
||||
su -s /bin/sh -c "/var/www/html/occ app:install calendar" www-data
|
@ -1,14 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: update-config
|
||||
data:
|
||||
custom-script.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
HOSTS_FILE="/etc/hosts"
|
||||
|
||||
# Ajoutez l'entrée au fichier hosts
|
||||
MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}"
|
||||
MINIO_NAME="${MINIO_SERVICE_NAME}"
|
||||
echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE
|
@ -4,9 +4,9 @@ metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
name: app
|
||||
name: nextcloud-app
|
||||
spec:
|
||||
# serviceName: nextcloud
|
||||
# serviceName: nextcloud
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
@ -21,16 +21,16 @@ spec:
|
||||
containers:
|
||||
- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
|
||||
imagePullPolicy: Always
|
||||
name: app
|
||||
name: nextcloud
|
||||
ports:
|
||||
- containerPort: 80
|
||||
lifecycle:
|
||||
postStart:
|
||||
exec:
|
||||
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"]
|
||||
# envFrom:
|
||||
# - configMapRef:
|
||||
# name: nextcloud-env
|
||||
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
env:
|
||||
- name: POSTGRES_DB
|
||||
value: nextcloud
|
||||
@ -46,56 +46,16 @@ spec:
|
||||
key: password
|
||||
- name: POSTGRES_HOST
|
||||
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
|
||||
- name: NEXTCLOUD_ADMIN_USER
|
||||
value: admin
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD # 5
|
||||
value: cadoles
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: "*.cadoles.fr"
|
||||
- name: NEXTCLOUD_INIT_LOCK
|
||||
value: "true"
|
||||
- name: PHP_MEMORY_LIMIT
|
||||
value: 512M
|
||||
- name: PHP_UPLOAD_LIMIT
|
||||
value: 4G
|
||||
- name: POD_INDEX
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: REDIS_HOST
|
||||
value: redis # équivaut à redis.nextcloud.svc.cluster.local
|
||||
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
|
||||
value: redis
|
||||
- name: REDIS_HOST_PORT
|
||||
value: "6379"
|
||||
######################
|
||||
# Partie minio S3
|
||||
- name: OBJECTSTORE_S3_HOST
|
||||
value: minio:$(MINIO_SERVICE_PORT)
|
||||
# value: $(MINIO_SERVICE_NAME):$(MINIO_SERVICE_PORT)
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nextcloud-minio
|
||||
- name: OBJECTSTORE_S3_KEY # 15
|
||||
value: minio_root
|
||||
- name: OBJECTSTORE_S3_SECRET
|
||||
value: MinioRootNotSoSecret
|
||||
- name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_SSL # 18
|
||||
value: "true"
|
||||
##################################
|
||||
# Mise en place SMTP
|
||||
- name: MAIL_FROM_ADDRESS
|
||||
value: "user"
|
||||
- name: MAIL_DOMAIN
|
||||
value: "domain.com"
|
||||
- name: SMTP_HOST
|
||||
value: "domain.com"
|
||||
- name: SMTP_SECURE
|
||||
value: "ssl"
|
||||
- name: SMTP_PORT
|
||||
value: "465"
|
||||
- name: SMTP_AUTHTYPE
|
||||
value: "LOGIN"
|
||||
- name: SMTP_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -106,34 +66,8 @@ spec:
|
||||
secretKeyRef:
|
||||
name: nextcloud-smtp
|
||||
key: smtp-password
|
||||
|
||||
- name: NEXTCLOUD_DATA_DIR
|
||||
value: "/var/www/html/data"
|
||||
livenessProbe: # vérifie si c'est planté ou non
|
||||
httpGet:
|
||||
path: /status.php
|
||||
port: 80 # en reférence à ingress.yaml ?
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 5
|
||||
readinessProbe: # vérifie si c'est ok pour envoyer des requête ou non
|
||||
httpGet:
|
||||
path: /status.php
|
||||
port: 80 # en référence à ingress.yaml ?
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 5
|
||||
|
||||
volumeMounts:
|
||||
- mountPath: /var/www/
|
||||
name: nextcloud-main-volume
|
||||
@ -149,52 +83,7 @@ spec:
|
||||
name: nextcloud-tmp-volume
|
||||
- mountPath: /var/www/html/themes
|
||||
name: nextcloud-themes-volume
|
||||
|
||||
# ICI montage pour les script !
|
||||
- mountPath: /etc/script/poststart-ldap.sh
|
||||
name: script-config-ldap
|
||||
subPath: poststart-ldap.sh
|
||||
- mountPath: /etc/script/poststart-plugins.sh
|
||||
name: script-config-plugins
|
||||
subPath: poststart-plugins.sh
|
||||
- mountPath: /etc/script/custom-script.sh
|
||||
name: update-config-script
|
||||
subPath: custom-script.sh
|
||||
- mountPath: /etc/minio-ccerts
|
||||
name: minio-certs
|
||||
readOnly: true
|
||||
|
||||
# MOUNT-TRY-multi-instance
|
||||
# - name: nextcloud-config-volume # monte le fichier de configuration dans
|
||||
# mountPath: /var/www/html/config # les instances supplémentaire
|
||||
# readOnly: false # via le configmap ConfigMaps-php.yaml
|
||||
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa # declare user for initcontainer
|
||||
|
||||
# trois volumes pour les script
|
||||
volumes:
|
||||
- name: minio-certs
|
||||
secret:
|
||||
secretName: nextcloud-minio-tls # montage des certificat de minio
|
||||
- name: update-config-script
|
||||
configMap:
|
||||
name: update-config
|
||||
defaultMode: 0744
|
||||
- name: script-config-ldap
|
||||
configMap:
|
||||
name: script-config-ldap
|
||||
defaultMode: 0744
|
||||
- name: script-config-plugins
|
||||
configMap:
|
||||
name: script-config-plugins
|
||||
defaultMode: 0744
|
||||
|
||||
# MOUNT-TRY-multi-instance
|
||||
# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
|
||||
# configMap: # les instances supplémentaires
|
||||
# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
|
||||
|
||||
- name: nextcloud-main-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-main-pvc
|
||||
@ -216,23 +105,5 @@ spec:
|
||||
- name: nextcloud-themes-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-themes-pvc
|
||||
|
||||
initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
|
||||
- name: wait-for-bootstrap
|
||||
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
|
||||
args:
|
||||
- job
|
||||
- $(MINIO_BOOTSTRAP_JOB_NAME)
|
||||
|
||||
|
||||
#####################################################
|
||||
# For REDIS-OPERATOR USE THIS TO SET PORT
|
||||
#####################################################
|
||||
# - name: REDIS_HOST_PORT
|
||||
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
|
||||
# - name: REDIS_HOST_PASSWORD
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: redis-secret
|
||||
# key: password
|
||||
#####################################################
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa # declare user for initcontainer
|
||||
|
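Review bot: The hook `cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates` installs the cluster CA as a system-wide trust anchor inside the Nextcloud container, so the S3 backend (`OBJECTSTORE_S3_SSL: "true"` to host `minio`) is validated against a CA that signs unrelated cluster certificates rather than against MinIO's own certificate; the `nextcloud-minio-tls` secret mounted at `/etc/minio-ccerts` in the removed lines would be the narrower anchor, e.g. `cp /etc/minio-ccerts/public.crt /usr/local/share/ca-certificates/minio.crt` (key name per the MinIO operator's TLS secret, to be confirmed). It cannot be told from the rendered lines whether the second `command:` sits under `lifecycle.postStart.exec` or at container level; at container level it replaces the image entrypoint and the pod exits as soon as `update-ca-certificates` returns, so keep it a postStart hook or move it into an initContainer writing to an emptyDir mounted over `/usr/local/share/ca-certificates`. The container spec spans several hunks of this section and its env block is rewritten outside the lines shown here, so the S3 credentials should be checked end to end: if any `OBJECTSTORE_S3_SECRET: value: ...` literal survives on the new side it belongs in a `secretKeyRef`, as the overlay deployment in this commit already does.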
@ -1,4 +0,0 @@
|
||||
export MINIO_ROOT_USER="minio_root"
|
||||
export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret"
|
||||
export MINIO_STORAGE_CLASS_STANDARD="EC:2"
|
||||
export MINIO_BROWSER="on"
|
@ -1,8 +0,0 @@
|
||||
#API minio
|
||||
minio_url: 'http://%env(string:MINIO_SERVICE_NAME)%:9000'
|
||||
minio_key: '%env(string:MINIO_KEY)%'
|
||||
minio_secret: '%env(string:MINIO_SECRET)%'
|
||||
minio_bucket: 'nextcloud'
|
||||
minio_root: ''
|
||||
minio_path_style: true
|
||||
minio_secure: false
|
@ -4,7 +4,7 @@ metadata:
|
||||
name: nextcloud
|
||||
|
||||
annotations:
|
||||
# kustomize.config.k8s.io/needs: configmap/nextcloud-envi
|
||||
# kustomize.config.k8s.io/needs: configmap/nextcloud-envi
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
|
||||
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
|
||||
@ -13,7 +13,7 @@ metadata:
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: nxt.cadoles.fr
|
||||
- host: nxt.base.fr
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
|
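Review bot: `nginx.ingress.kubernetes.io/enable-cors: "true"` on a cookie-authenticated Nextcloud ingress turns on ingress-nginx's CORS defaults, which include `cors-allow-origin: *` together with `cors-allow-credentials: true`, and `cors-allow-headers: "X-Forwarded-For"` is not a header a browser sends, so the pair reads like a leftover from debugging the proxy chain rather than a needed setting. Nextcloud handles the CORS it needs for WebDAV/OCS itself; drop both annotations, or pin `nginx.ingress.kubernetes.io/cors-allow-origin` to the exact site origin. The host change to `nxt.base.fr` is not covered by `NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.fr"` set elsewhere in this commit, so unless the overlay patches that value Nextcloud will refuse requests for the new host.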
@ -1,63 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: create-minio-bucket
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-minio
|
||||
image: busybox
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "attente du service minio..."
|
||||
cnt=0
|
||||
tout=300
|
||||
while [ 1 ]
|
||||
do
|
||||
http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}')
|
||||
if [ "${http_code}" != "200" ]; then
|
||||
echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}"
|
||||
sleep 1
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cnt=$((cnt+1))
|
||||
if [ "${cnt}" -ge "${tout}" ]; then
|
||||
exit 3
|
||||
fi
|
||||
done
|
||||
# Encore nécessaire ?
|
||||
containers:
|
||||
- name: create-bucket
|
||||
image: minio/mc
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
env:
|
||||
- name: CONSOLE_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
- name: CONSOLE_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_SECRET_KEY
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "création de l'alias my-minio"
|
||||
mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
|
||||
echo "création du bucket..."
|
||||
mc mb --insecure my-minio/nextcloud-minio
|
||||
echo "Bucket créé. normalement"
|
||||
restartPolicy: OnFailure
|
||||
# Est-ce que je mettrais pas mon ldap ici ? => ConfigMap-ldap-script.yaml ?
|
||||
|
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: nextcloud
|
@ -1,4 +1,3 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
@ -17,10 +16,12 @@ rules:
|
||||
- v1
|
||||
resources:
|
||||
- secrets
|
||||
- services
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
#- patch
|
||||
|
||||
# Declaration d'un role nommé status-reader et attribution de droit
|
||||
|
||||
|
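Review bot: This Role, bound to `nextcloud-sa` which the Deployment sets as `serviceAccountName`, grants `get`/`list` on every `secrets` object in the namespace, so a compromised Nextcloud pod can read `nextcloud-postgres-app`, `nextcloud-minio-user` and the TLS secrets through the API, far more than the `k8s-wait-for` initContainer needs. Whether `patch` is being added or commented out here cannot be told from the rendered lines; either way it should not apply to `secrets`. Since a ServiceAccount is pod-wide, either remove `secrets` from this rule entirely (the pod already gets its credentials via `secretKeyRef`, not the API) or restrict it with `resourceNames:` to the specific objects read, and add `automountServiceAccountToken: false` to the pod if the wait-for check is moved into a separate Job. The rule list continues outside this hunk and the `status-reader` comment suggests a second Role, so check which one the binding actually references.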
@ -1,33 +0,0 @@
|
||||
apiVersion: minio.min.io/v2
|
||||
kind: Tenant
|
||||
metadata:
|
||||
name: nextcloud-minio
|
||||
spec:
|
||||
certConfig:
|
||||
dnsNames:
|
||||
- "minio"
|
||||
pools:
|
||||
- servers: 2
|
||||
name: pool-0
|
||||
volumesPerServer: 2
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
name: nextcloud-minio-data # juste son nom dans le cluster
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
# env:
|
||||
# - name: MINIO_CONSOLE_TLS_ENABLE
|
||||
# value: "off"
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000 # droit d'accès user
|
||||
runAsGroup: 1000 # droit d'accès group
|
||||
runAsNonRoot: true # accès sans être root
|
||||
configuration:
|
||||
name: nextcloud-minio-configuration # cf resources/nextcloud/resources/kustomization.yaml
|
||||
users:
|
||||
- name: nextcloud-minio-user # cf resources/nextcloud/resources/kustomization.yaml
|
||||
|
@ -1,83 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-main-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-html-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-data-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-config-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-custom-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-tmp-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-themes-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
11
base/resources/nextcloud/resources/pvc/00-main.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-main-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
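Review bot: `storage: 1Gi` for `nextcloud-main-pvc` is lower than the 5Gi the same claim had in the removed `pvc.yaml`; if that claim is still bound in a cluster, applying this file is rejected because a PersistentVolumeClaim's `resources.requests.storage` may only grow, so the split only works on a fresh namespace or after the old claim (and its data) is deleted. The same applies to `02-data.yaml` (20Gi to 1Gi). A short comment stating the intent would save the next person a failed apply, e.g. `# dev sizing: 1Gi; existing claims cannot shrink, recreate the PVC or patch the size in the prod overlay`.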
12
base/resources/nextcloud/resources/pvc/01-html.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-html-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
11
base/resources/nextcloud/resources/pvc/02-data.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-data-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
11
base/resources/nextcloud/resources/pvc/03-config.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-config-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
11
base/resources/nextcloud/resources/pvc/04-custom.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-custom-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
11
base/resources/nextcloud/resources/pvc/06-tmp.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-tmp-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
11
base/resources/nextcloud/resources/pvc/07-themes.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-themes-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
@ -1,76 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-ldap
|
||||
data:
|
||||
poststart-ldap.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
NEXTCLOUD_READY=0
|
||||
MAX_RETRIES=30
|
||||
RETRY_INTERVAL=10
|
||||
|
||||
touch /etc/script/validator.txt
|
||||
# Vérifiez si LDAP est déjà activé
|
||||
# if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then
|
||||
# Activez le module LDAP si ce n'est pas déjà fait
|
||||
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
#fi
|
||||
for i in $(seq 1 $MAX_RETRIES); do
|
||||
if curl -fsS "http://localhost/status.php" > /dev/null; then
|
||||
NEXTCLOUD_READY=1
|
||||
break
|
||||
else
|
||||
echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/validator.txt
|
||||
sleep $RETRY_INTERVAL
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $NEXTCLOUD_READY -eq 0 ]; then
|
||||
echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation LDAP." >> /etc/script/validator.txt
|
||||
exit 1
|
||||
fi
|
||||
|
||||
su -s /bin/sh -c "/var/www/html/occ app:install user_ldap" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ app:update user_ldap" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
#su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
|
||||
|
||||
## test if backend ldap is activated and create empty config if not
|
||||
#
|
||||
touch /tmp/nxt-ldap.txt
|
||||
chown www-data: /tmp/nxt-ldap.txt
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" www-data
|
||||
if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
|
||||
fi
|
||||
|
||||
# Configurez LDAP (configuration minimale)
|
||||
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" www-data
|
||||
|
||||
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
|
||||
#exec /entrypoint.sh "$@"
|
||||
|
||||
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
# est fonctionnel dans le pods nextcloud !
|
||||
|
||||
#liste config : su -s /bin/sh -c "/var/www/html/occ config:list" www-data
|
@ -1,39 +1,20 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
name: app
|
||||
name: nextcloud-app
|
||||
spec:
|
||||
# serviceName: nextcloud
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
replicas: 3
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-bootstrap
|
||||
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
|
||||
args:
|
||||
- job
|
||||
- $(MINIO_BOOTSTRAP_JOB_NAME)
|
||||
containers:
|
||||
- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
|
||||
imagePullPolicy: Always
|
||||
name: app
|
||||
ports:
|
||||
- containerPort: 80
|
||||
lifecycle:
|
||||
postStart:
|
||||
exec:
|
||||
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"]
|
||||
# envFrom:
|
||||
# - configMapRef:
|
||||
# name: nextcloud-env
|
||||
- name: nextcloud
|
||||
env:
|
||||
- name: POSTGRES_DB
|
||||
value: nextcloud
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -44,132 +25,28 @@ spec:
|
||||
secretKeyRef:
|
||||
name: nextcloud-postgres-app
|
||||
key: password
|
||||
- name: POSTGRES_HOST
|
||||
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
|
||||
- name: NEXTCLOUD_ADMIN_USER
|
||||
value: admincadoles
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD # 5
|
||||
value: CadolesNotSecret
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: "*.cadoles.fr"
|
||||
- name: NEXTCLOUD_INIT_LOCK
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nxt-minio
|
||||
- name: OBJECTSTORE_S3_AUTOCREATE
|
||||
value: "true"
|
||||
- name: PHP_MEMORY_LIMIT
|
||||
value: 512M
|
||||
- name: PHP_UPLOAD_LIMIT
|
||||
value: 4G
|
||||
- name: POD_INDEX
|
||||
- name: OBJECTSTORE_S3_KEY
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: REDIS_HOST
|
||||
value: redis # équivaut à redis.nextcloud.svc.cluster.local
|
||||
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
|
||||
- name: REDIS_HOST_PORT
|
||||
value: "6379"
|
||||
######################
|
||||
# Partie minio S3
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
- name: OBJECTSTORE_S3_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_SECRET_KEY
|
||||
- name: OBJECTSTORE_S3_HOST
|
||||
value: minio:$(MINIO_SERVICE_PORT)
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nextcloud-minio
|
||||
- name: OBJECTSTORE_S3_KEY # 15
|
||||
value: minio_root
|
||||
- name: OBJECTSTORE_S3_SECRET
|
||||
value: MinioRootNotSoSecret
|
||||
- name: OBJECTSTORE_S3_PORT
|
||||
value: "443"
|
||||
- name: OBJECTSTORE_S3_SSL
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_SSL # 18
|
||||
value: "true"
|
||||
|
||||
# # Partie AWS S3 => fonctionnelle sur scaleway
|
||||
# - name: OBJECTSTORE_S3_BUCKET
|
||||
# value: nextcloud-cadoles
|
||||
# - name: OBJECTSTORE_S3_HOST
|
||||
# value: s3.fr-par.scw.cloud
|
||||
# - name: OBJECTSTORE_S3_PORT
|
||||
# value: "443"
|
||||
# - name: OBJECTSTORE_S3_REGION
|
||||
# value: fr-par
|
||||
# - name: OBJECTSTORE_S3_KEY
|
||||
# value: MyAPIKey
|
||||
# - name: OBJECTSTORE_S3_SECRET
|
||||
# value: MyAPISecret
|
||||
# - name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
# value: "false"
|
||||
# - name: OBJECTSTORE_S3_SSL
|
||||
# value: "true"
|
||||
# - name: OBJECTSTORE_S3_AUTOCREATE
|
||||
# value: "true"
|
||||
# - name: OBJECTSTORE_S3_OBJECT_PREFIX
|
||||
# value: nxt_
|
||||
|
||||
# Mise en place SMTP
|
||||
- name: MAIL_FROM_ADDRESS
|
||||
value: "nextcloud"
|
||||
- name: MAIL_DOMAIN
|
||||
value: "cadoles.com"
|
||||
- name: SMTP_HOST
|
||||
value: "groupware.cadoles.com"
|
||||
- name: SMTP_SECURE
|
||||
value: "STARTTLS"
|
||||
- name: SMTP_PORT
|
||||
value: "587"
|
||||
- name: SMTP_AUTHTYPE
|
||||
value: "LOGIN"
|
||||
- name: SMTP_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-smtp
|
||||
key: smtp-username
|
||||
- name: SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-smtp
|
||||
key: smtp-password
|
||||
|
||||
- name: NEXTCLOUD_DATA_DIR
|
||||
value: "/var/www/html/data"
|
||||
|
||||
# ADD LDAP CONF
|
||||
- name: NEXTCLOUD_LDAP_HOST
|
||||
value: ldaps://ldap.cadoles.com
|
||||
- name: NEXTCLOUD_LDAP_BASE
|
||||
value: ou=cadoles,o=gouv,c=fr
|
||||
- name: NEXTCLOUD_LDAP_DN
|
||||
value: cn=reader,o=gouv,c=fr
|
||||
- name: NEXTCLOUD_LDAP_PASSWD
|
||||
value: phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae
|
||||
- name: NEXTCLOUD_LDAP_BASE_GROUPS
|
||||
value: ou=groups,ou=cadoles,o=gouv,c=fr
|
||||
- name: NEXTCLOUD_LDAP_BASE_USERS
|
||||
value: ou=users,ou=cadoles,o=gouv,c=fr
|
||||
- name: NEXTCLOUD_LDAP_ACTIVE_CONF
|
||||
value: '1'
|
||||
- name: NEXTCLOUD_LDAP_ADMIN_EXP
|
||||
value: '0'
|
||||
- name: NEXTCLOUD_LDAP_EXP_UUID
|
||||
value: cn
|
||||
- name: NEXTCLOUD_LDAP_LOGIN_FILTER
|
||||
value: (&(objectClass=person)(uid=%uid))
|
||||
- name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
|
||||
value: uid
|
||||
- name: NEXTCLOUD_LDAP_PORT
|
||||
value: '636'
|
||||
- name: NEXTCLOUD_LDAP_USR_FILTR
|
||||
value: (|(objectclass=person))
|
||||
- name: NEXTCLOUD_LDAP_OBJ_FILTR
|
||||
value: person
|
||||
- name: NEXTCLOUD_LDAP_MAIL_ATTR
|
||||
value: mail
|
||||
- name: NEXTCLOUD_LDAP_USER_DISP
|
||||
value: cn
|
||||
- name: NEXTCLOUD_LDAP_GROUP_FILTR
|
||||
value: (&(|(objectclass=cadolesGroup)))
|
||||
- name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
|
||||
value: cadolesGroup
|
||||
- name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
|
||||
value: gidNumber
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@ -177,7 +54,7 @@ spec:
|
||||
port: 80
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr
|
||||
value: nxt.cadoles.lan
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
@ -189,105 +66,26 @@ spec:
|
||||
port: 80
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr
|
||||
value: nxt.cadoles.lan
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 6
|
||||
|
||||
volumeMounts:
|
||||
- mountPath: /var/www/
|
||||
name: nextcloud-main-volume
|
||||
- mountPath: /var/www/html
|
||||
name: nextcloud-html-volume
|
||||
- mountPath: /var/www/html/data
|
||||
name: nextcloud-data-volume
|
||||
- mountPath: /var/www/html/config
|
||||
name: nextcloud-config-volume
|
||||
- mountPath: /var/www/html/custom_apps
|
||||
name: nextcloud-custom-volume
|
||||
- mountPath: /var/www/tmp
|
||||
name: nextcloud-tmp-volume
|
||||
- mountPath: /var/www/html/themes
|
||||
name: nextcloud-themes-volume
|
||||
|
||||
# ICI montage pour les script !
|
||||
- mountPath: /etc/script/poststart-ldap.sh
|
||||
- mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh
|
||||
name: script-config-ldap
|
||||
subPath: poststart-ldap.sh
|
||||
- mountPath: /etc/script/custom-script.sh
|
||||
name: update-config-script
|
||||
subPath: custom-script.sh
|
||||
- mountPath: /etc/minio-ccerts
|
||||
name: minio-certs
|
||||
readOnly: true
|
||||
|
||||
# MOUNT-TRY-multi-instance
|
||||
# - name: nextcloud-config-volume # monte le fichier de configuration dans
|
||||
# mountPath: /var/www/html/config # les instances supplémentaire
|
||||
# readOnly: false # via le configmap ConfigMaps-php.yaml
|
||||
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa # declare user for initcontainer
|
||||
|
||||
# trois volumes pour les script
|
||||
volumes:
|
||||
- name: minio-certs
|
||||
secret:
|
||||
secretName: nextcloud-minio-tls # montage des certificat de minio
|
||||
- name: update-config-script
|
||||
configMap:
|
||||
name: update-config
|
||||
defaultMode: 0744
|
||||
secretName: nextcloud-minio-tls
|
||||
- name: script-config-ldap
|
||||
configMap:
|
||||
name: script-config-ldap
|
||||
defaultMode: 0744
|
||||
|
||||
# MOUNT-TRY-multi-instance
|
||||
# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
|
||||
# configMap: # les instances supplémentaires
|
||||
# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
|
||||
|
||||
- name: nextcloud-main-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-main-pvc
|
||||
- name: nextcloud-html-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-html-pvc
|
||||
- name: nextcloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-data-pvc
|
||||
- name: nextcloud-config-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-config-pvc
|
||||
- name: nextcloud-custom-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-custom-pvc
|
||||
- name: nextcloud-tmp-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-tmp-pvc
|
||||
- name: nextcloud-themes-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-themes-pvc
|
||||
|
||||
initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
|
||||
- name: wait-for-bootstrap
|
||||
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
|
||||
args:
|
||||
- job
|
||||
- $(MINIO_BOOTSTRAP_JOB_NAME)
|
||||
|
||||
|
||||
#####################################################
|
||||
# For REDIS-OPERATOR USE THIS TO SET PORT
|
||||
#####################################################
|
||||
# - name: REDIS_HOST_PORT
|
||||
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
|
||||
# - name: REDIS_HOST_PASSWORD
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: redis-secret
|
||||
# key: password
|
||||
#####################################################
|
||||
defaultMode: 0755
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa
|
||||
|
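Review bot: If the `/docker-entrypoint-hooks.d/post-installation/ldap.sh` mount (L3161, replacing `/etc/script/poststart-ldap.sh`) is meant to hand the LDAP script to the image's hook mechanism, that directory runs only during the initial Nextcloud installation, so on later pod starts the `ldap:set-config` values are not re-applied when `NEXTCLOUD_LDAP_*` changes; the script looks idempotent (`app:install`, then the `ldap:show-config`/`create-empty-config` guard), so the `before-starting` hook directory, which runs on every start, may be the intended slot: `mountPath: /docker-entrypoint-hooks.d/before-starting/ldap.sh`. Old and new sides cannot be recovered from this rendering, so please confirm which mount survives. Likewise, if the literal `NEXTCLOUD_LDAP_PASSWD` (L2945), `NEXTCLOUD_ADMIN_PASSWORD` (L2631) and `OBJECTSTORE_S3_SECRET` (L2748) values remain on the new side, they should come from a `secretKeyRef` the way `SMTP_PASSWORD` and the `nextcloud-postgres-app` password already do, rather than sit in the manifest; the LDAP bind password in particular is a directory credential. Finally, if `NEXTCLOUD_TRUSTED_DOMAINS` is still `"*.cadoles.fr"`, it no longer matches the `nxt.cadoles.lan` host this commit puts in the probes and ingress and should be updated with the host rename.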
@ -1,65 +0,0 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: create-minio-bucket
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-minio
|
||||
image: reg.cadoles.com/proxy_cache/library/debian:bookworm
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "attente du service minio..."
|
||||
cnt=0
|
||||
tout=300
|
||||
apt update && apt install --yes --force-yes wget openssl
|
||||
cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates
|
||||
while [ 1 ]
|
||||
do
|
||||
http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}')
|
||||
if [ "${http_code}" != "200" ]; then
|
||||
echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}"
|
||||
sleep 1
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cnt=$((cnt+1))
|
||||
if [ "${cnt}" -ge "${tout}" ]; then
|
||||
exit 3
|
||||
fi
|
||||
done
|
||||
# Encore nécessaire ?
|
||||
containers:
|
||||
- name: create-bucket
|
||||
image: minio/mc
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
env:
|
||||
- name: CONSOLE_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
- name: CONSOLE_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_SECRET_KEY
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "création de l'alias my-minio"
|
||||
mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
|
||||
echo "création du bucket..."
|
||||
mc mb --insecure my-minio/nextcloud-minio
|
||||
echo "Bucket créé. normalement"
|
||||
restartPolicy: OnFailure
|
||||
|
||||
|
@ -13,10 +13,10 @@ spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- nxt.cadoles.fr
|
||||
- nxt.cadoles.lan
|
||||
secretName: cadoles-selfsigned-ca
|
||||
rules:
|
||||
- host: nxt.cadoles.fr
|
||||
- host: nxt.cadoles.lan
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
|
@ -1,4 +1,4 @@
|
||||
export MINIO_ROOT_USER="cadoles"
|
||||
export MINIO_ROOT_PASSWORD="cadoles;21"
|
||||
export MINIO_ROOT_USER="minio_root"
|
||||
export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret"
|
||||
export MINIO_STORAGE_CLASS_STANDARD="EC:2"
|
||||
export MINIO_BROWSER="on"
|
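Review bot: The MinIO root credentials in `export MINIO_ROOT_USER="minio_root"` / `export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret"` are committed in plaintext, and the same pair appears as literal `OBJECTSTORE_S3_KEY`/`OBJECTSTORE_S3_SECRET` values in the Deployment hunk above (L2742, L2748; whether those lines are on the new side is not recoverable here), which would mean the application talks to storage as the root account instead of the dedicated `nextcloud-minio-user` the job already reads from a Secret. Even for a dev overlay, the root pair should be generated out of band (a `secretGenerator` fed from an untracked env file, or a sealed/external secret) and this file reduced to the non-secret settings `MINIO_STORAGE_CLASS_STANDARD` and `MINIO_BROWSER`. A comment at the top such as `# MINIO_ROOT_* are supplied from an untracked env file; never commit real values` would document the intent. Which of the four `MINIO_ROOT_*` lines are old and which new cannot be told from this rendering, but both pairs are plaintext.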
46
overlays/dev/resources/nextcloud/cm-ldap-script.yaml
Normal file
46
overlays/dev/resources/nextcloud/cm-ldap-script.yaml
Normal file
@ -0,0 +1,46 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-ldap
|
||||
data:
|
||||
poststart-ldap.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
/bin/sh -c "/var/www/html/occ app:install user_ldap"
|
||||
/bin/sh -c "/var/www/html/occ app:update user_ldap"
|
||||
/bin/sh -c "/var/www/html/occ app:enable user_ldap"
|
||||
|
||||
/bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt"
|
||||
if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
|
||||
/bin/sh -c "/var/www/html/occ ldap:create-empty-config"
|
||||
fi
|
||||
|
||||
# Configurez LDAP (configuration minimale)
|
||||
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'"
|
||||
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'"
|
||||
|
||||
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
|
||||
#exec /entrypoint.sh "$@"
|
||||
|
||||
# /bin/sh -c "/var/www/html/occ app:enable user_ldap"
|
||||
# est fonctionnel dans le pods nextcloud !
|
||||
|
||||
#liste config : /bin/sh -c "/var/www/html/occ config:list"
|
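Review bot: `poststart-ldap.sh` ignores every exit status: there is no `set -e`, and each command is wrapped in a redundant `/bin/sh -c "..."` whose result is never checked, so a failing `app:install user_ldap` (no app-store reachability, for instance) is followed by the whole run of `ldap:set-config` calls against an app that is not there, and the hook still reports success. The wrapper also re-parses the expanded `${NEXTCLOUD_LDAP_*}` values through a second shell, so a bind password or filter containing `'` breaks the quoting or is interpreted by the inner `sh`. Adding `set -eu` after the shebang and calling occ directly with double-quoted arguments, e.g. `/var/www/html/occ ldap:set-config s01 ldap_agent_password "${NEXTCLOUD_LDAP_PASSWD}"`, passes each value as a single argument with no re-interpretation; the `ldap:show-config s01 > /tmp/nxt-ldap.txt` probe then needs to tolerate a non-zero exit, e.g. `/var/www/html/occ ldap:show-config s01 >/dev/null 2>&1 || /var/www/html/occ ldap:create-empty-config`, which also drops the leftover file in `/tmp`. The trailing comments still talk about `poststart`, while the Deployment hunk now mounts this key under `/docker-entrypoint-hooks.d/post-installation/`; they should say which hook actually runs the script.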
41
overlays/dev/resources/nextcloud/job-minio.yaml
Normal file
41
overlays/dev/resources/nextcloud/job-minio.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: create-minio-bucket
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: wait-for-minio
|
||||
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
|
||||
args:
|
||||
- service
|
||||
- minio
|
||||
containers:
|
||||
- name: create-bucket
|
||||
image: minio/mc
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
env:
|
||||
- name: CONSOLE_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
- name: CONSOLE_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_SECRET_KEY
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
echo "création de l'alias my-minio"
|
||||
mc alias set --insecure my-minio https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
|
||||
echo "création du bucket..."
|
||||
mc mb --insecure my-minio/nextcloud-minio
|
||||
echo "Bucket créé. normalement"
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: nextcloud-sa # declare user for initcontainer
|
||||
|
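Review bot: Both `mc` calls in `create-bucket` pass `--insecure`, which disables certificate verification on the `https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}` connection that carries the access key and secret; the Deployment hunk above mounts a `nextcloud-minio-tls` secret for exactly this purpose (L3218–L3224, if that volume is still present on the new side), so the job could mount the same CA and drop the flag. `mc mb my-minio/nextcloud-minio` fails once the bucket exists, and with `restartPolicy: OnFailure` a re-run of the job after a redeploy retries into backoff; `mc mb --ignore-existing my-minio/nextcloud-minio` makes it idempotent. `image: minio/mc` is untagged and pulled straight from Docker Hub while every other image in this commit is pinned to a version through `reg.cadoles.com/proxy_cache/...`; pin a tag (or digest) and route it through the same registry. The `k8s-wait-for service minio` init container presumably waits for the Service to have endpoints rather than for the `/minio/health/live` probe the deleted job polled (L3472), so the first `mc alias set` may still race tenant startup and rely on the OnFailure retry.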
@ -12,16 +12,13 @@ spec:
|
||||
volumesPerServer: 3
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
name: nextcloud-minio-data # juste son nom dans le cluster
|
||||
name: nextcloud-minio-data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 3Gi
|
||||
# env:
|
||||
# - name: MINIO_CONSOLE_TLS_ENABLE
|
||||
# value: "off"
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
@ -30,4 +27,3 @@ spec:
|
||||
name: nextcloud-minio-configuration
|
||||
users:
|
||||
- name: nextcloud-minio-user
|
||||
|
@ -15,7 +15,7 @@ spec:
|
||||
- cadoles
|
||||
# The use of the common name field has been deprecated since 2000 and is
|
||||
# discouraged from being used.
|
||||
commonName: cadoles.fr
|
||||
commonName: cadoles.lan
|
||||
isCA: false
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
@ -27,8 +27,8 @@ spec:
|
||||
# At least one of a DNS Name, URI, or IP address is required.
|
||||
dnsNames:
|
||||
- nextcloud
|
||||
- nextcloud.cadoles.fr
|
||||
- nxt.cadoles.fr
|
||||
- nextcloud.cadoles.lan
|
||||
- nxt.cadoles.lan
|
||||
# Issuer references are always required.
|
||||
issuerRef:
|
||||
name: cadoles-ca-issuer
|
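Review bot: `commonName: cadoles.lan` is not one of the `dnsNames` (`nextcloud`, `nextcloud.cadoles.lan`, `nxt.cadoles.lan`), and as the comment above it already says the CN is ignored by modern clients in favour of the SAN list, so the field is either dead or, for an older verifier, names a host the certificate does not serve. Either drop `commonName` or set it to a name that is also a SAN, `commonName: nxt.cadoles.lan`. The bare `- nextcloud` SAN presumably exists for in-cluster clients using the short service name; if nothing connects that way, removing it narrows what the certificate vouches for.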