change for the new patch system for kustomize (remove strategyMerge and JSON patch)
parent
dbece5cad2
commit
666c1b3097
@ -39,9 +39,10 @@ data:
|
|||||||
## test if backend ldap is activated and create empty config if not
|
## test if backend ldap is activated and create empty config if not
|
||||||
#
|
#
|
||||||
#touch /tmp/nxt-ldap.txt
|
#touch /tmp/nxt-ldap.txt
|
||||||
#su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nextcloud-ldap.txt" www-data
|
#su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" www-data
|
||||||
#if grep -q "Invalid configID" /tmp/nextcloud-ldap.txt; then
|
#if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
|
||||||
# sudo -u www-data php /var/www/html/nextcloud/occ ldap:create-empty-config -q
|
# su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
|
||||||
|
# #sudo -u www-data php /var/www/html/nextcloud/occ ldap:create-empty-config -q
|
||||||
#fi
|
#fi
|
||||||
|
|
||||||
# Configurez LDAP (configuration minimale)
|
# Configurez LDAP (configuration minimale)
|
||||||
@ -56,11 +57,15 @@ data:
|
|||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data
|
||||||
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data
|
||||||
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data
|
||||||
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" www-data
|
||||||
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" www-data
|
||||||
|
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" www-data
|
||||||
|
|
||||||
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilter "${ldapGroupFilter}"
|
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilter "${ldapGroupFilter}"
|
||||||
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilterObjectclass "${ldapGroupFilterObjectclass}"
|
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilterObjectclass "${ldapGroupFilterObjectclass}"
|
||||||
|
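Review bot: The added `ldap:set-config` lines for ldapLoginFilterAttributes, ldapGroupFilter, ldapGroupFilterObjectclass and ldapGroupMemberAssocAttr expand `${NEXTCLOUD_LDAP_…}` in the outer shell and splice the result between the single quotes of the inner `sh -c` string, so a value containing a `'` ends the quoting and the rest is parsed as shell by the www-data shell. Letting the inner shell expand the variable avoids that, e.g. `su -s /bin/sh -c '/var/www/html/occ ldap:set-config s01 ldapGroupFilter "$NEXTCLOUD_LDAP_GROUP_FILTR"' www-data`; this assumes `su` without `-l` passes the container environment through, which should be confirmed on the image. The unchanged lines in this hunk follow the same pattern. The script continues outside the hunk, so whether occ failures are checked cannot be judged from here.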
@ -6,4 +6,4 @@ data:
|
|||||||
redis-config: |
|
redis-config: |
|
||||||
maxmemory 4mb
|
maxmemory 4mb
|
||||||
maxmemory-policy volatile-lru
|
maxmemory-policy volatile-lru
|
||||||
appendonly yes
|
appendonly yes
|
@ -1,14 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: update-config
|
|
||||||
data:
|
|
||||||
custom-script.sh: |
|
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
HOSTS_FILE="/etc/hosts"
|
|
||||||
|
|
||||||
# Ajoutez l'entrée au fichier hosts
|
|
||||||
MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}"
|
|
||||||
MINIO_NAME="${MINIO_SERVICE_NAME}"
|
|
||||||
echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE
|
|
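--- a/overlays/dev/patches/deployment.yaml
+++ b/overlays/dev/patches/deployment.yaml
@@ -0,0 +1,271 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: nextcloud
+component: app
+name: app
+spec:
+# serviceName: nextcloud
+replicas: 1
+selector:
+matchLabels:
+app: nextcloud
+component: app
+template:
+metadata:
+labels:
+app: nextcloud
+component: app
+spec:
+containers:
+- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
+imagePullPolicy: Always
+name: app
+ports:
+- containerPort: 80
+lifecycle:
+postStart:
+exec:
+command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && touch /etc/script/try01.txt"]
+# envFrom:
+# - configMapRef:
+# name: nextcloud-env
+env:
+- name: POSTGRES_DB
+value: nextcloud
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: nextcloud-postgres-app
+key: username
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud-postgres-app
+key: password
+- name: POSTGRES_HOST
+value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
+- name: NEXTCLOUD_ADMIN_USER
+value: admincadoles
+- name: NEXTCLOUD_ADMIN_PASSWORD # 5
+value: CadolesNotSecret
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: "*.cadoles.fr"
+- name: NEXTCLOUD_INIT_LOCK
+value: "true"
+- name: PHP_MEMORY_LIMIT
+value: 512M
+- name: PHP_UPLOAD_LIMIT
+value: 4G
+- name: POD_INDEX
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: REDIS_HOST
+value: redis # équivaut à redis.nextcloud.svc.cluster.local
+# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
+- name: REDIS_HOST_PORT
+value: "6379"
+######################
+# Partie minio S3
+- name: OBJECTSTORE_S3_HOST
+value: minio:$(MINIO_SERVICE_PORT)
+# value: $(MINIO_SERVICE_NAME):$(MINIO_SERVICE_PORT)
+- name: OBJECTSTORE_S3_BUCKET
+value: nextcloud-minio
+- name: OBJECTSTORE_S3_KEY # 15
+value: minio_root
+- name: OBJECTSTORE_S3_SECRET
+value: MinioRootNotSoSecret
+- name: OBJECTSTORE_S3_USEPATH_STYLE
+value: "true"
+- name: OBJECTSTORE_S3_SSL # 18
+value: "true"
+##################################
+# Mise en place SMTP
+- name: MAIL_FROM_ADDRESS
+value: "nextcloud"
+- name: MAIL_DOMAIN
+value: "cadoles.com"
+- name: SMTP_HOST
+value: "groupware.cadoles.com"
+- name: SMTP_SECURE
+value: "STARTTLS"
+- name: SMTP_PORT
+value: "587"
+- name: SMTP_AUTHTYPE
+value: "LOGIN"
+- name: SMTP_NAME
+valueFrom:
+secretKeyRef:
+name: nextcloud-smtp
+key: smtp-username
+- name: SMTP_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud-smtp
+key: smtp-password
+
+- name: NEXTCLOUD_DATA_DIR
+value: "/var/www/html/data"
+##ADD LDAP CONF
+- name: NEXTCLOUD_LDAP_HOST
+value: ldaps://ldap.cadoles.com
+- name: NEXTCLOUD_LDAP_BASE
+value: ou=cadoles,o=gouv,c=fr
+- name: NEXTCLOUD_LDAP_DN
+value: cn=reader,o=gouv,c=fr
+- name: NEXTCLOUD_LDAP_PASSWD
+value: "phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae"
+- name: NEXTCLOUD_LDAP_BASE_GROUPS
+value: ou=groups,ou=cadoles,o=gouv,c=fr
+- name: NEXTCLOUD_LDAP_BASE_USERS
+value: ou=users,ou=cadoles,o=gouv,c=fr
+- name: NEXTCLOUD_LDAP_ACTIVE_CONF
+value: "1"
+- name: NEXTCLOUD_LDAP_ADMIN_EXP
+value: "0"
+- name: NEXTCLOUD_LDAP_EXP_UUID
+value: cn
+- name: NEXTCLOUD_LDAP_LOGIN_FILTER
+value: (&(objectClass=person)(cn=%uid))
+- name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
+value: uid
+- name: NEXTCLOUD_LDAP_PORT
+value: "636"
+- name: NEXTCLOUD_LDAP_USR_FILTR
+value: (|(objectclass=person))
+- name: NEXTCLOUD_LDAP_OBJ_FILTR
+value: person
+- name: NEXTCLOUD_LDAP_MAIL_ATTR
+value: mail
+- name: NEXTCLOUD_LDAP_USER_DISP
+value: cn
+- name: NEXTCLOUD_LDAP_GROUP_FILTR
+value: (&(|(objectclass=cadolesGroup)))
+- name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
+value: cadolesGroup
+- name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
+value: gidNumber
+
+livenessProbe: # vérifie si c'est planté ou non
+httpGet:
+path: /status.php
+port: 80 # en reférence à ingress.yaml ?
+httpHeaders:
+- name: Host
+value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
+initialDelaySeconds: 50
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+readinessProbe: # vérifie si c'est ok pour envoyer des requête ou non
+httpGet:
+path: /status.php
+port: 80 # en référence à ingress.yaml ?
+httpHeaders:
+- name: Host
+value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
+initialDelaySeconds: 50
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+
+volumeMounts:
+- mountPath: /var/www/
+name: nextcloud-main-volume
+- mountPath: /var/www/html
+name: nextcloud-html-volume
+- mountPath: /var/www/html/data
+name: nextcloud-data-volume
+- mountPath: /var/www/html/config
+name: nextcloud-config-volume
+- mountPath: /var/www/html/custom_apps
+name: nextcloud-custom-volume
+- mountPath: /var/www/tmp
+name: nextcloud-tmp-volume
+- mountPath: /var/www/html/themes
+name: nextcloud-themes-volume
+
+# ICI montage pour les script !
+- mountPath: /etc/script/poststart-ldap.sh
+name: script-config-ldap
+subPath: poststart-ldap.sh
+- mountPath: /etc/script/custom-script.sh
+name: update-config-script
+subPath: custom-script.sh
+- mountPath: /etc/minio-ccerts
+name: minio-certs
+readOnly: true
+
+# MOUNT-TRY-multi-instance
+# - name: nextcloud-config-volume # monte le fichier de configuration dans
+# mountPath: /var/www/html/config # les instances supplémentaire
+# readOnly: false # via le configmap ConfigMaps-php.yaml
+
+restartPolicy: Always
+serviceAccountName: nextcloud-sa # declare user for initcontainer
+
+# trois volumes pour les script
+volumes:
+- name: minio-certs
+secret:
+secretName: nextcloud-minio-tls # montage des certificat de minio
+- name: update-config-script
+configMap:
+name: update-config
+defaultMode: 0744
+- name: script-config-ldap
+configMap:
+name: script-config-ldap
+defaultMode: 0744
+
+# MOUNT-TRY-multi-instance
+# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
+# configMap: # les instances supplémentaires
+# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
+
+- name: nextcloud-main-volume
+persistentVolumeClaim:
+claimName: nextcloud-main-pvc
+- name: nextcloud-html-volume
+persistentVolumeClaim:
+claimName: nextcloud-html-pvc
+- name: nextcloud-data-volume
+persistentVolumeClaim:
+claimName: nextcloud-data-pvc
+- name: nextcloud-config-volume
+persistentVolumeClaim:
+claimName: nextcloud-config-pvc
+- name: nextcloud-custom-volume
+persistentVolumeClaim:
+claimName: nextcloud-custom-pvc
+- name: nextcloud-tmp-volume
+persistentVolumeClaim:
+claimName: nextcloud-tmp-pvc
+- name: nextcloud-themes-volume
+persistentVolumeClaim:
+claimName: nextcloud-themes-pvc
+
+initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
+- name: wait-for-bootstrap
+image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
+args:
+- job
+- $(MINIO_BOOTSTRAP_JOB_NAME)
+
+
+#####################################################
+# For REDIS-OPERATOR USE THIS TO SET PORT
+#####################################################
+# - name: REDIS_HOST_PORT
+# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
+# - name: REDIS_HOST_PASSWORD
+# valueFrom:
+# secretKeyRef:
+# name: redis-secret
+# key: password
+#####################################################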
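Review bot: `NEXTCLOUD_ADMIN_PASSWORD`, `OBJECTSTORE_S3_SECRET` and `NEXTCLOUD_LDAP_PASSWD` are set with literal `value:` strings in the container's `env` list, so the credentials are stored in the repository and readable by anyone who can read the Deployment object, while the Postgres and SMTP entries in the same list already use `secretKeyRef`. These three should be read from Secrets in the same way, and the LDAP bind password in particular should be rotated since it is now part of the history. The Secret names and keys below are placeholders, as no matching Secret is visible in this commit. Separately, the volume `update-config-script` still references the ConfigMap `update-config`, whose manifest appears to be deleted elsewhere in this commit; it is worth confirming that it is still produced somewhere.

```yaml
# … unchanged: env entries up to NEXTCLOUD_ADMIN_USER …
- name: NEXTCLOUD_ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-admin-secret      # placeholder Secret name
      key: PLACEHOLDER-key                # placeholder key
# … unchanged: env entries up to OBJECTSTORE_S3_KEY …
- name: OBJECTSTORE_S3_SECRET
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-s3-secret         # placeholder Secret name
      key: PLACEHOLDER-key                # placeholder key
# … unchanged: env entries up to NEXTCLOUD_LDAP_DN …
- name: NEXTCLOUD_LDAP_PASSWD
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-ldap-bind-secret  # placeholder Secret name
      key: PLACEHOLDER-key                # placeholder key
```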
@ -1,36 +0,0 @@
|
|||||||
#- op: replace
|
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
|
|
||||||
# value: "1G"
|
|
||||||
#- op: replace
|
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
|
|
||||||
# value: "true"
|
|
||||||
#- op: replace
|
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
|
|
||||||
# value: "X-Forwarded-For"
|
|
||||||
|
|
||||||
# En cas de besoin
|
|
||||||
#- op: add
|
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size
|
|
||||||
# value: "100m"
|
|
||||||
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/rules/0/host
|
|
||||||
# value: nxt.cadoles.fr
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/rules/0/http/paths/0/path
|
|
||||||
# value: /
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/rules/0/http/paths/0/pathType
|
|
||||||
# value: Prefix
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/rules/0/http/paths/0/backend/service/name
|
|
||||||
# value: nextcloud
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/rules/0/http/paths/0/backend/service/port/number
|
|
||||||
# value: 80
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# logiquement path =
|
|
||||||
# path: /metadata/annotations/nginx.ingress.kubernetes.io/proxy-body-size
|
|
||||||
# sauf que ... json voila, "/" est à remplacer par ~1
|
|
@ -1,75 +0,0 @@
|
|||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_HOST
|
|
||||||
value: openldap.openldap
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_BASE
|
|
||||||
value: dc=example,dc=org
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_DN
|
|
||||||
value: cn=admin,dc=example,dc=org
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_PASSWD
|
|
||||||
value: "adminpassword"
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_BASE_GROUPS
|
|
||||||
value: dc=example,dc=org
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_BASE_USERS
|
|
||||||
value: ou=users,dc=example,dc=org
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_ACTIVE_CONF
|
|
||||||
value: "1"
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_ADMIN_EXP
|
|
||||||
value: "0"
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_EXP_UUID
|
|
||||||
value: cn
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_LOGIN_FILTER
|
|
||||||
value: (&(objectClass=posixAccount)(cn=%uid))
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_PORT
|
|
||||||
value: "1389"
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_USR_FILTR
|
|
||||||
value: (|(objectclass=posixAccount))
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_OBJ_FILTR
|
|
||||||
value: posixAccount
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_MAIL_ATTR
|
|
||||||
value: mail
|
|
||||||
- op: add
|
|
||||||
path: "/spec/template/spec/containers/0/env/-"
|
|
||||||
value:
|
|
||||||
name: NEXTCLOUD_LDAP_USER_DISP
|
|
||||||
value: cn
|
|
@ -1,26 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: app
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: app
|
|
||||||
env:
|
|
||||||
- name: NEXTCLOUD_ADMIN_USER
|
|
||||||
value: admincadoles
|
|
||||||
- name: NEXTCLOUD_ADMIN_PASSWORD
|
|
||||||
value: cadoles
|
|
||||||
- name: PHP_MEMORY_LIMIT
|
|
||||||
value: 512M
|
|
||||||
- name: PHP_UPLOAD_LIMIT
|
|
||||||
value: 4G
|
|
||||||
- name: REDIS_HOST
|
|
||||||
value: redis
|
|
||||||
- name: REDIS_HOST_PORT
|
|
||||||
value: "6379"
|
|
||||||
- name: NEXTCLOUD_DATA_DIR
|
|
||||||
value: "/var/www/html/data"
|
|
||||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
|
||||||
value: "*.cadoles.fr"
|
|
@ -1,34 +0,0 @@
|
|||||||
# USER POSTGRES
|
|
||||||
# UNIQUEMENT Si vous ne passez pas par l'operateur.
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/env/0/value #POSTGRES_DB
|
|
||||||
# value: username
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/env/1/value #POSTGRES_USER
|
|
||||||
# value: username
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/env/2/value #POSTGRES_PASSWORD
|
|
||||||
# value: password
|
|
||||||
|
|
||||||
# CONF POSTGRES
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/3/value #POSTGRES_HOST
|
|
||||||
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST)
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/0/value #POSTGRES_DB
|
|
||||||
value: nextcloud
|
|
||||||
|
|
||||||
|
|
||||||
#Name: nextcloud-postgres-app
|
|
||||||
#Namespace: nextcloud
|
|
||||||
#Labels: cnpg.io/cluster=nextcloud-postgres
|
|
||||||
# cnpg.io/reload=true
|
|
||||||
#Annotations: cnpg.io/operatorVersion: 1.18.1
|
|
||||||
#
|
|
||||||
#Type: kubernetes.io/basic-auth
|
|
||||||
#
|
|
||||||
#Data
|
|
||||||
#====
|
|
||||||
#password: 64 bytes
|
|
||||||
#pgpass: 112 bytes
|
|
||||||
#username: 9 bytes
|
|
@ -1,47 +0,0 @@
|
|||||||
# livenessProbe
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/httpGet/httpHeaders/0/value
|
|
||||||
value: nxt.cadoles.fr
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/httpGet/port
|
|
||||||
value: 80
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds
|
|
||||||
value: 50
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/periodSeconds
|
|
||||||
value: 10
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/timeoutSeconds
|
|
||||||
value: 5
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/successThreshold
|
|
||||||
value: 1
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/livenessProbe/failureThreshold
|
|
||||||
value: 6
|
|
||||||
|
|
||||||
|
|
||||||
# readinessProbe
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/httpGet/httpHeaders/0/value
|
|
||||||
value: nxt.cadoles.fr
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/httpGet/port
|
|
||||||
value: 80
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds
|
|
||||||
value: 50
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/periodSeconds
|
|
||||||
value: 10
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/timeoutSeconds
|
|
||||||
value: 5
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/successThreshold
|
|
||||||
value: 1
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/readinessProbe/failureThreshold
|
|
||||||
value: 6
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/19/value #MAIL_FROM_ADDRESS
|
|
||||||
value: "usercadoles"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/20/value #MAIL_DOMAIN
|
|
||||||
value: "cadoles.com"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/21/value #SMTP_HOST
|
|
||||||
value: "groupware.cadoles.com"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/22/value #SMTP_SECURE
|
|
||||||
value: "ssl"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/23/value #SMTP_PORT
|
|
||||||
value: "587"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/24/value #SMTP_AUTHTYPE
|
|
||||||
value: "LOGIN"
|
|
||||||
|
|
||||||
# THEORIQUEMENT LA MODIFICATION du secret generator lié dans kustomize suffit.
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/0/env/25/value #SMTP_NAME
|
|
||||||
# value:
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/0/env/26/value #SMTP_PASSWORD
|
|
||||||
# value:
|
|
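--- a/overlays/dev/patches/nextcloud-tenant.yaml
+++ b/overlays/dev/patches/nextcloud-tenant.yaml
@@ -0,0 +1,33 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+name: nextcloud-minio
+spec:
+certConfig:
+dnsNames:
+- "minio"
+pools:
+- servers: 2
+name: pool-0
+volumesPerServer: 3
+volumeClaimTemplate:
+metadata:
+name: nextcloud-minio-data # juste son nom dans le cluster
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 3Gi
+# env:
+# - name: MINIO_CONSOLE_TLS_ENABLE
+# value: "off"
+containerSecurityContext:
+runAsUser: 1000
+runAsGroup: 1000
+runAsNonRoot: true
+configuration:
+name: nextcloud-minio-configuration
+users:
+- name: nextcloud-minio-user
+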
@ -1,34 +0,0 @@
|
|||||||
# USER MDP NEXTCLOUD
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/4/value #NEXTCLOUD_ADMIN_USER
|
|
||||||
value: admincadoles
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/5/value #NEXTCLOUD_ADMIN_PASSWORD
|
|
||||||
value: CadolesNotSecret
|
|
||||||
|
|
||||||
# CONF NEXTCLOUD PHP
|
|
||||||
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/8/value #PHP_MEMORY_LIMIT
|
|
||||||
value: 512M
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/9/value #PHP_UPLOAD_LIMIT
|
|
||||||
value: 4G
|
|
||||||
|
|
||||||
# CONF NEXTCLOUD REDIS
|
|
||||||
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/11/value #REDIS_HOST
|
|
||||||
value: redis
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/12/value #REDIS_HOST_PORT
|
|
||||||
value: "6379"
|
|
||||||
|
|
||||||
# CONF NEXTCLOUD
|
|
||||||
|
|
||||||
#- op: replace
|
|
||||||
# path: /spec/template/spec/containers/0/env/27/value #NEXTCLOUD_DATA_DIR
|
|
||||||
# value: "/var/www/html/data"
|
|
||||||
- op: replace
|
|
||||||
path: /spec/template/spec/containers/0/env/6/value #NEXTCLOUD_TRUSTED_DOMAINS
|
|
||||||
value: "*.cadoles.fr"
|
|
@ -1,21 +0,0 @@
|
|||||||
- op: replace
|
|
||||||
path: /spec/certConfig/dnsNames
|
|
||||||
value: ["minio"]
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/servers
|
|
||||||
value: 2
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/volumesPerServer
|
|
||||||
value: 3
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/volumeClaimTemplate/spec/resources/requests/storage
|
|
||||||
value: 3Gi
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/containerSecurityContext/runAsUser
|
|
||||||
value: 1000
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/containerSecurityContext/runAsGroup
|
|
||||||
value: 1000
|
|
||||||
- op: replace
|
|
||||||
path: /spec/pools/0/containerSecurityContext/runAsNonRoot
|
|
||||||
value: true
|
|