change for the new kustomize patch system (remove strategic-merge and JSON patches)

This commit is contained in:
vfebvre 2023-09-04 12:40:18 +02:00
parent dbece5cad2
commit 666c1b3097
13 changed files with 313 additions and 317 deletions


@ -39,9 +39,10 @@ data:
## test if backend ldap is activated and create empty config if not
#
#touch /tmp/nxt-ldap.txt
#su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nextcloud-ldap.txt" www-data
#if grep -q "Invalid configID" /tmp/nextcloud-ldap.txt; then
# sudo -u www-data php /var/www/html/nextcloud/occ ldap:create-empty-config -q
#su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" www-data
#if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
# su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
# #sudo -u www-data php /var/www/html/nextcloud/occ ldap:create-empty-config -q
#fi
# Configurez LDAP (configuration minimale)
@ -56,11 +57,15 @@ data:
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" www-data
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilter "${ldapGroupFilter}"
#sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilterObjectclass "${ldapGroupFilterObjectclass}"
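Review bot: The new `ldap:set-config` lines hand each setting to the www-data shell by expanding the variable inside a double-quoted `-c` string and wrapping it in single quotes, so a value that itself contains `'` (plausible in an LDAP filter, and in whatever line sets the bind password outside this hunk) terminates the inner quoting and the remainder is parsed as shell words. Let the inner shell expand the variable instead, e.g. `su -s /bin/sh -c '/var/www/html/occ ldap:set-config s01 ldapLoginFilter "$NEXTCLOUD_LDAP_LOGIN_FILTER"' www-data`, which is safe for any value provided plain `su` (no `-`) keeps the caller's environment, which it normally does. The same rewrite applies to every set-config line in this hunk; the script continues outside the hunk, and which of the commented `create-empty-config` lines in the first hunk is the new side cannot be told from this rendering.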


@ -1,14 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: update-config
data:
custom-script.sh: |
#!/bin/sh
HOSTS_FILE="/etc/hosts"
# Ajoutez l'entrée au fichier hosts
MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}"
MINIO_NAME="${MINIO_SERVICE_NAME}"
echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE


@ -0,0 +1,271 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nextcloud
component: app
name: app
spec:
# serviceName: nextcloud
replicas: 1
selector:
matchLabels:
app: nextcloud
component: app
template:
metadata:
labels:
app: nextcloud
component: app
spec:
containers:
- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
imagePullPolicy: Always
name: app
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && touch /etc/script/try01.txt"]
# envFrom:
# - configMapRef:
# name: nextcloud-env
env:
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: password
- name: POSTGRES_HOST
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
- name: NEXTCLOUD_ADMIN_USER
value: admincadoles
- name: NEXTCLOUD_ADMIN_PASSWORD # 5
value: CadolesNotSecret
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "*.cadoles.fr"
- name: NEXTCLOUD_INIT_LOCK
value: "true"
- name: PHP_MEMORY_LIMIT
value: 512M
- name: PHP_UPLOAD_LIMIT
value: 4G
- name: POD_INDEX
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: REDIS_HOST
value: redis # équivaut à redis.nextcloud.svc.cluster.local
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
- name: REDIS_HOST_PORT
value: "6379"
######################
# Partie minio S3
- name: OBJECTSTORE_S3_HOST
value: minio:$(MINIO_SERVICE_PORT)
# value: $(MINIO_SERVICE_NAME):$(MINIO_SERVICE_PORT)
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud-minio
- name: OBJECTSTORE_S3_KEY # 15
value: minio_root
- name: OBJECTSTORE_S3_SECRET
value: MinioRootNotSoSecret
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_SSL # 18
value: "true"
##################################
# Mise en place SMTP
- name: MAIL_FROM_ADDRESS
value: "nextcloud"
- name: MAIL_DOMAIN
value: "cadoles.com"
- name: SMTP_HOST
value: "groupware.cadoles.com"
- name: SMTP_SECURE
value: "STARTTLS"
- name: SMTP_PORT
value: "587"
- name: SMTP_AUTHTYPE
value: "LOGIN"
- name: SMTP_NAME
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-password
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
##ADD LDAP CONF
- name: NEXTCLOUD_LDAP_HOST
value: ldaps://ldap.cadoles.com
- name: NEXTCLOUD_LDAP_BASE
value: ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_DN
value: cn=reader,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_PASSWD
value: "phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae"
- name: NEXTCLOUD_LDAP_BASE_GROUPS
value: ou=groups,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_BASE_USERS
value: ou=users,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_ACTIVE_CONF
value: "1"
- name: NEXTCLOUD_LDAP_ADMIN_EXP
value: "0"
- name: NEXTCLOUD_LDAP_EXP_UUID
value: cn
- name: NEXTCLOUD_LDAP_LOGIN_FILTER
value: (&(objectClass=person)(cn=%uid))
- name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
value: uid
- name: NEXTCLOUD_LDAP_PORT
value: "636"
- name: NEXTCLOUD_LDAP_USR_FILTR
value: (|(objectclass=person))
- name: NEXTCLOUD_LDAP_OBJ_FILTR
value: person
- name: NEXTCLOUD_LDAP_MAIL_ATTR
value: mail
- name: NEXTCLOUD_LDAP_USER_DISP
value: cn
- name: NEXTCLOUD_LDAP_GROUP_FILTR
value: (&(|(objectclass=cadolesGroup)))
- name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
value: cadolesGroup
- name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
value: gidNumber
livenessProbe: # vérifie si c'est planté ou non
httpGet:
path: /status.php
port: 80 # en reférence à ingress.yaml ?
httpHeaders:
- name: Host
value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe: # vérifie si c'est ok pour envoyer des requête ou non
httpGet:
path: /status.php
port: 80 # en référence à ingress.yaml ?
httpHeaders:
- name: Host
value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main-volume
- mountPath: /var/www/html
name: nextcloud-html-volume
- mountPath: /var/www/html/data
name: nextcloud-data-volume
- mountPath: /var/www/html/config
name: nextcloud-config-volume
- mountPath: /var/www/html/custom_apps
name: nextcloud-custom-volume
- mountPath: /var/www/tmp
name: nextcloud-tmp-volume
- mountPath: /var/www/html/themes
name: nextcloud-themes-volume
# ICI montage pour les script !
- mountPath: /etc/script/poststart-ldap.sh
name: script-config-ldap
subPath: poststart-ldap.sh
- mountPath: /etc/script/custom-script.sh
name: update-config-script
subPath: custom-script.sh
- mountPath: /etc/minio-ccerts
name: minio-certs
readOnly: true
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # monte le fichier de configuration dans
# mountPath: /var/www/html/config # les instances supplémentaire
# readOnly: false # via le configmap ConfigMaps-php.yaml
restartPolicy: Always
serviceAccountName: nextcloud-sa # declare user for initcontainer
# trois volumes pour les script
volumes:
- name: minio-certs
secret:
secretName: nextcloud-minio-tls # montage des certificat de minio
- name: update-config-script
configMap:
name: update-config
defaultMode: 0744
- name: script-config-ldap
configMap:
name: script-config-ldap
defaultMode: 0744
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
# configMap: # les instances supplémentaires
# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
- name: nextcloud-main-volume
persistentVolumeClaim:
claimName: nextcloud-main-pvc
- name: nextcloud-html-volume
persistentVolumeClaim:
claimName: nextcloud-html-pvc
- name: nextcloud-data-volume
persistentVolumeClaim:
claimName: nextcloud-data-pvc
- name: nextcloud-config-volume
persistentVolumeClaim:
claimName: nextcloud-config-pvc
- name: nextcloud-custom-volume
persistentVolumeClaim:
claimName: nextcloud-custom-pvc
- name: nextcloud-tmp-volume
persistentVolumeClaim:
claimName: nextcloud-tmp-pvc
- name: nextcloud-themes-volume
persistentVolumeClaim:
claimName: nextcloud-themes-pvc
initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
- name: wait-for-bootstrap
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- job
- $(MINIO_BOOTSTRAP_JOB_NAME)
#####################################################
# For REDIS-OPERATOR USE THIS TO SET PORT
#####################################################
# - name: REDIS_HOST_PORT
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
# - name: REDIS_HOST_PASSWORD
# valueFrom:
# secretKeyRef:
# name: redis-secret
# key: password
#####################################################
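Review bot: Three credentials are committed in clear text in the new `env` list — `NEXTCLOUD_ADMIN_PASSWORD` (`CadolesNotSecret`), `OBJECTSTORE_S3_SECRET` (`MinioRootNotSoSecret`) and `NEXTCLOUD_LDAP_PASSWD`, which looks like a live bind password — while the Postgres and SMTP entries in the same list already use `secretKeyRef`; move the three to Secrets the same way and rotate the LDAP value now that it is in history. The S3 entries also bind the application with the `minio_root` account, whereas the Tenant added in this commit declares a dedicated `nextcloud-minio-user`; a bucket-scoped user would be the least-privilege choice if that user's secret carries the access keys. Separately, the `update-config-script` volume and its `/etc/script/custom-script.sh` mount still reference ConfigMap `update-config`, which this commit deletes; unless it is recreated in the one changed file not shown here, the pod will stay in ContainerCreating, so either drop the volume and mount or set `optional: true` on the configMap. Example of the secret-backed entries (secret names and keys are placeholders):
```yaml
        - name: NEXTCLOUD_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: <nextcloud-admin-secret>  # placeholder
              key: password                   # placeholder key
        # … unchanged: NEXTCLOUD_TRUSTED_DOMAINS … REDIS_HOST_PORT …
        - name: OBJECTSTORE_S3_KEY
          valueFrom:
            secretKeyRef:
              name: <minio-app-user-secret>   # placeholder
              key: access-key                 # placeholder key
        - name: OBJECTSTORE_S3_SECRET
          valueFrom:
            secretKeyRef:
              name: <minio-app-user-secret>   # placeholder
              key: secret-key                 # placeholder key
        # … unchanged: OBJECTSTORE_S3_USEPATH_STYLE … NEXTCLOUD_LDAP_DN …
        - name: NEXTCLOUD_LDAP_PASSWD
          valueFrom:
            secretKeyRef:
              name: <ldap-bind-secret>        # placeholder
              key: password                   # placeholder key
```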


@ -1,36 +0,0 @@
#- op: replace
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1proxy-body-size
# value: "1G"
#- op: replace
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1enable-cors
# value: "true"
#- op: replace
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1cors-allow-headers
# value: "X-Forwarded-For"
# En cas de besoin
#- op: add
# path: /metadata/annotations/nginx.ingress.kubernetes.io~1client_max_body_size
# value: "100m"
#- op: replace
# path: /spec/rules/0/host
# value: nxt.cadoles.fr
#- op: replace
# path: /spec/rules/0/http/paths/0/path
# value: /
#- op: replace
# path: /spec/rules/0/http/paths/0/pathType
# value: Prefix
#- op: replace
# path: /spec/rules/0/http/paths/0/backend/service/name
# value: nextcloud
#- op: replace
# path: /spec/rules/0/http/paths/0/backend/service/port/number
# value: 80
# logiquement path =
# path: /metadata/annotations/nginx.ingress.kubernetes.io/proxy-body-size
# sauf que ... json voila, "/" est à remplacer par ~1


@ -1,75 +0,0 @@
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_HOST
value: openldap.openldap
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_BASE
value: dc=example,dc=org
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_DN
value: cn=admin,dc=example,dc=org
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_PASSWD
value: "adminpassword"
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_BASE_GROUPS
value: dc=example,dc=org
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_BASE_USERS
value: ou=users,dc=example,dc=org
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_ACTIVE_CONF
value: "1"
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_ADMIN_EXP
value: "0"
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_EXP_UUID
value: cn
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_LOGIN_FILTER
value: (&(objectClass=posixAccount)(cn=%uid))
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_PORT
value: "1389"
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_USR_FILTR
value: (|(objectclass=posixAccount))
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_OBJ_FILTR
value: posixAccount
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_MAIL_ATTR
value: mail
- op: add
path: "/spec/template/spec/containers/0/env/-"
value:
name: NEXTCLOUD_LDAP_USER_DISP
value: cn


@ -1,26 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
spec:
template:
spec:
containers:
- name: app
env:
- name: NEXTCLOUD_ADMIN_USER
value: admincadoles
- name: NEXTCLOUD_ADMIN_PASSWORD
value: cadoles
- name: PHP_MEMORY_LIMIT
value: 512M
- name: PHP_UPLOAD_LIMIT
value: 4G
- name: REDIS_HOST
value: redis
- name: REDIS_HOST_PORT
value: "6379"
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "*.cadoles.fr"


@ -1,34 +0,0 @@
# USER POSTGRES
# UNIQUEMENT Si vous ne passez pas par l'operateur.
#- op: replace
# path: /spec/template/spec/containers/env/0/value #POSTGRES_DB
# value: username
#- op: replace
# path: /spec/template/spec/containers/env/1/value #POSTGRES_USER
# value: username
#- op: replace
# path: /spec/template/spec/containers/env/2/value #POSTGRES_PASSWORD
# value: password
# CONF POSTGRES
- op: replace
path: /spec/template/spec/containers/0/env/3/value #POSTGRES_HOST
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST)
- op: replace
path: /spec/template/spec/containers/0/env/0/value #POSTGRES_DB
value: nextcloud
#Name: nextcloud-postgres-app
#Namespace: nextcloud
#Labels: cnpg.io/cluster=nextcloud-postgres
# cnpg.io/reload=true
#Annotations: cnpg.io/operatorVersion: 1.18.1
#
#Type: kubernetes.io/basic-auth
#
#Data
#====
#password: 64 bytes
#pgpass: 112 bytes
#username: 9 bytes


@ -1,47 +0,0 @@
# livenessProbe
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/httpGet/httpHeaders/0/value
value: nxt.cadoles.fr
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/httpGet/port
value: 80
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds
value: 50
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/periodSeconds
value: 10
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/timeoutSeconds
value: 5
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/successThreshold
value: 1
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/failureThreshold
value: 6
# readinessProbe
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/httpGet/httpHeaders/0/value
value: nxt.cadoles.fr
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/httpGet/port
value: 80
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds
value: 50
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/periodSeconds
value: 10
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/timeoutSeconds
value: 5
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/successThreshold
value: 1
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/failureThreshold
value: 6


@ -1,26 +0,0 @@
- op: replace
path: /spec/template/spec/containers/0/env/19/value #MAIL_FROM_ADDRESS
value: "usercadoles"
- op: replace
path: /spec/template/spec/containers/0/env/20/value #MAIL_DOMAIN
value: "cadoles.com"
- op: replace
path: /spec/template/spec/containers/0/env/21/value #SMTP_HOST
value: "groupware.cadoles.com"
- op: replace
path: /spec/template/spec/containers/0/env/22/value #SMTP_SECURE
value: "ssl"
- op: replace
path: /spec/template/spec/containers/0/env/23/value #SMTP_PORT
value: "587"
- op: replace
path: /spec/template/spec/containers/0/env/24/value #SMTP_AUTHTYPE
value: "LOGIN"
# THEORIQUEMENT LA MODIFICATION du secret generator lié dans kustomize suffit.
#- op: replace
# path: /spec/template/spec/containers/0/env/25/value #SMTP_NAME
# value:
#- op: replace
# path: /spec/template/spec/containers/0/env/26/value #SMTP_PASSWORD
# value:


@ -0,0 +1,33 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: nextcloud-minio
spec:
certConfig:
dnsNames:
- "minio"
pools:
- servers: 2
name: pool-0
volumesPerServer: 3
volumeClaimTemplate:
metadata:
name: nextcloud-minio-data # juste son nom dans le cluster
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
# env:
# - name: MINIO_CONSOLE_TLS_ENABLE
# value: "off"
containerSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
configuration:
name: nextcloud-minio-configuration
users:
- name: nextcloud-minio-user
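Review bot: `containerSecurityContext` under `pools[0]` sets the uid/gid and `runAsNonRoot` but leaves privilege escalation, capabilities and seccomp at their defaults; since this field is a standard container SecurityContext passed through to the MinIO containers, add `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` under it to meet the restricted pod-security profile. The section shows 32 lines against 33 additions in the header, so one line (presumably blank) is not visible here.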


@ -1,34 +0,0 @@
# USER MDP NEXTCLOUD
- op: replace
path: /spec/template/spec/containers/0/env/4/value #NEXTCLOUD_ADMIN_USER
value: admincadoles
- op: replace
path: /spec/template/spec/containers/0/env/5/value #NEXTCLOUD_ADMIN_PASSWORD
value: CadolesNotSecret
# CONF NEXTCLOUD PHP
- op: replace
path: /spec/template/spec/containers/0/env/8/value #PHP_MEMORY_LIMIT
value: 512M
- op: replace
path: /spec/template/spec/containers/0/env/9/value #PHP_UPLOAD_LIMIT
value: 4G
# CONF NEXTCLOUD REDIS
- op: replace
path: /spec/template/spec/containers/0/env/11/value #REDIS_HOST
value: redis
- op: replace
path: /spec/template/spec/containers/0/env/12/value #REDIS_HOST_PORT
value: "6379"
# CONF NEXTCLOUD
#- op: replace
# path: /spec/template/spec/containers/0/env/27/value #NEXTCLOUD_DATA_DIR
# value: "/var/www/html/data"
- op: replace
path: /spec/template/spec/containers/0/env/6/value #NEXTCLOUD_TRUSTED_DOMAINS
value: "*.cadoles.fr"


@ -1,21 +0,0 @@
- op: replace
path: /spec/certConfig/dnsNames
value: ["minio"]
- op: replace
path: /spec/pools/0/servers
value: 2
- op: replace
path: /spec/pools/0/volumesPerServer
value: 3
- op: replace
path: /spec/pools/0/volumeClaimTemplate/spec/resources/requests/storage
value: 3Gi
- op: replace
path: /spec/pools/0/containerSecurityContext/runAsUser
value: 1000
- op: replace
path: /spec/pools/0/containerSecurityContext/runAsGroup
value: 1000
- op: replace
path: /spec/pools/0/containerSecurityContext/runAsNonRoot
value: true