cleaning repo
This commit is contained in:
parent
4b0ab40b0d
commit
7fca904584
30
README.md
30
README.md
@ -1,12 +1,33 @@
|
||||
# nextcloud-kustom
|
||||
|
||||
**WARNING - test branch, does not respect the target strategy for a production environment**
|
||||
Base include :
|
||||
|
||||
- nextcloud app
|
||||
- postgres
|
||||
- ...
|
||||
|
||||
Default configuration (base directory) :
|
||||
|
||||
- use an external S3,
|
||||
- use local authentication,
|
||||
- use internal K8s certificate,
|
||||
- use postgresSQL
|
||||
|
||||
If you want change, you must do your configuration in the overlays section
|
||||
|
||||
Overlays dev sections install :
|
||||
|
||||
- base
|
||||
- rename namespace to nextcloud-dev
|
||||
- use cert-manager (to install CRDs requirement, check requires/)
|
||||
|
||||
**To install a test cluster on your machine**
|
||||
|
||||
1. Create cluster
|
||||
|
||||
```kind create cluster --config requires/cluster/cluster.yaml```
|
||||
|
||||
2. Install operators and openldap(dev)
|
||||
2. Install operators, cert-manager and openldap(dev)
|
||||
|
||||
```kubectl apply -k requires/```
|
||||
|
||||
@ -18,9 +39,4 @@
|
||||
|
||||
```kubectl apply -k overlays/dev```
|
||||
|
||||
## cert-manager
|
||||
|
||||
Install crds :
|
||||
|
||||
```kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml```
|
||||
|
||||
|
@ -1,9 +0,0 @@
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: L2Advertisement
|
||||
metadata:
|
||||
name: l2-ip-pool-ad
|
||||
namespace: metallb-system
|
||||
spec:
|
||||
ipAddressPools:
|
||||
- main-pool
|
||||
|
@ -1,8 +0,0 @@
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: main-pool
|
||||
namespace: metallb-system
|
||||
spec:
|
||||
addresses:
|
||||
- 172.18.10.100-172.18.10.200
|
@ -1,7 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: metallb-system
|
||||
|
||||
resources:
|
||||
- ipaddresspoool.yaml
|
||||
- advertise.yaml
|
@ -1,627 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: nextcloud-sa
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: status-reader
|
||||
namespace: nextcloud-dev
|
||||
rules:
|
||||
- apiGroups:
|
||||
- batch
|
||||
- v1
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
- v1
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: status-reader
|
||||
namespace: nextcloud-dev
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: status-reader
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: nextcloud-sa
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
redis-config: |
|
||||
maxmemory 4mb
|
||||
maxmemory-policy volatile-lru
|
||||
appendonly yes
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cm-redis-config
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
NEXTCLOUD_HOST: nxt.serveur.fr
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: host-config
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
MINIO_SERVICE_HOST: minio
|
||||
MINIO_SERVICE_NAME: $(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT)
|
||||
MINIO_SERVICE_PORT: "443"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nextcloud-env
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
parameters.yaml: |2-
|
||||
#API minio
|
||||
minio_url: 'http://%env(string:MINIO_SERVICE_NAME)%:9000'
|
||||
minio_key: '%env(string:MINIO_KEY)%'
|
||||
minio_secret: '%env(string:MINIO_SECRET)%'
|
||||
minio_bucket: 'nextcloud'
|
||||
minio_root: ''
|
||||
minio_path_style: true
|
||||
minio_secure: false
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nextcloud-parameters
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
poststart-ldap.sh: |
|
||||
#!/bin/sh
|
||||
|
||||
# Vérifiez si LDAP est déjà activé
|
||||
if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then
|
||||
# Activez le module LDAP si ce n'est pas déjà fait
|
||||
su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
|
||||
echo 'activation de ldap'
|
||||
fi
|
||||
|
||||
# Configurez LDAP (configuration minimale)
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapHost --value='ldap.example.com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapBase --value='dc=example,dc=com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentName --value='cn=admin,dc=example,dc=com'" www-data
|
||||
su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentPassword --value='your_password'" www-data
|
||||
|
||||
echo 'ldap configured'
|
||||
|
||||
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
|
||||
#exec /entrypoint.sh "$@"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-ldap
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
custom-script.sh: |-
|
||||
#!/bin/sh
|
||||
|
||||
HOSTS_FILE="/etc/hosts"
|
||||
|
||||
# Ajoutez l'entrée au fichier hosts
|
||||
MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}"
|
||||
MINIO_NAME="${MINIO_SERVICE_NAME}"
|
||||
echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: update-config
|
||||
namespace: nextcloud-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
config.env: |
|
||||
ZXhwb3J0IE1JTklPX1JPT1RfVVNFUj0ibWluaW9fcm9vdCIKZXhwb3J0IE1JTklPX1JPT1
|
||||
RfUEFTU1dPUkQ9Ik1pbmlvUm9vdE5vdFNvU2VjcmV0IgpleHBvcnQgTUlOSU9fU1RPUkFH
|
||||
RV9DTEFTU19TVEFOREFSRD0iRUM6MiIKZXhwb3J0IE1JTklPX0JST1dTRVI9Im9uIg==
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: nextcloud-minio-configuration
|
||||
namespace: nextcloud-dev
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
CONSOLE_ACCESS_KEY: bWluaW9fcm9vdA==
|
||||
CONSOLE_SECRET_KEY: TWluaW9Sb290Tm90U29TZWNyZXQ=
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: nextcloud-minio-user
|
||||
namespace: nextcloud-dev
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
name: nextcloud
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
selector:
|
||||
app: nextcloud
|
||||
component: app
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: redis
|
||||
name: redis
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
ports:
|
||||
- port: 6379
|
||||
selector:
|
||||
app: redis
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-config-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-custom-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-data-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-html-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-main-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-themes-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-tmp-pvc
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
volumeMode: Filesystem
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
name: app
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nextcloud
|
||||
component: app
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: POSTGRES_DB
|
||||
value: nextcloud
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: username
|
||||
name: nextcloud-postgres-app
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: nextcloud-postgres-app
|
||||
- name: POSTGRES_HOST
|
||||
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST)
|
||||
- name: NEXTCLOUD_ADMIN_USER
|
||||
value: admincadoles
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD
|
||||
value: CadolesNotSecret
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
value: '*.cadoles.fr'
|
||||
- name: NEXTCLOUD_INIT_LOCK
|
||||
value: 512M
|
||||
- name: PHP_MEMORY_LIMIT
|
||||
value: 4G
|
||||
- name: PHP_UPLOAD_LIMIT
|
||||
value: 4G
|
||||
- name: POD_INDEX
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: REDIS_HOST
|
||||
value: redis
|
||||
- name: REDIS_HOST_PORT
|
||||
value: "6379"
|
||||
- name: OBJECTSTORE_S3_HOST
|
||||
value: minio:$(MINIO_SERVICE_PORT)
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nextcloud-minio
|
||||
- name: OBJECTSTORE_S3_KEY
|
||||
value: minio_root
|
||||
- name: OBJECTSTORE_S3_SECRET
|
||||
value: MinioRootNotSoSecret
|
||||
- name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_SSL
|
||||
value: "true"
|
||||
- name: NEXTCLOUD_DATA_DIR
|
||||
value: /var/www/html/data
|
||||
image: reg.cadoles.com/proxy_cache/library/nextcloud:26.0.1-apache
|
||||
imagePullPolicy: Always
|
||||
lifecycle:
|
||||
postStart:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt
|
||||
&& update-ca-certificates
|
||||
- /etc/script/poststart-ldap.sh
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr
|
||||
path: /status.php
|
||||
port: 80
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
name: app
|
||||
ports:
|
||||
- containerPort: 80
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: nxt.cadoles.fr
|
||||
path: /status.php
|
||||
port: 80
|
||||
initialDelaySeconds: 50
|
||||
periodSeconds: 15
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- mountPath: /var/www/
|
||||
name: nextcloud-main-volume
|
||||
- mountPath: /var/www/html
|
||||
name: nextcloud-html-volume
|
||||
- mountPath: /var/www/html/data
|
||||
name: nextcloud-data-volume
|
||||
- mountPath: /var/www/html/config
|
||||
name: nextcloud-config-volume
|
||||
- mountPath: /var/www/html/custom_apps
|
||||
name: nextcloud-custom-volume
|
||||
- mountPath: /var/www/tmp
|
||||
name: nextcloud-tmp-volume
|
||||
- mountPath: /var/www/html/themes
|
||||
name: nextcloud-themes-volume
|
||||
- mountPath: /etc/script/poststart-ldap.sh
|
||||
name: script-config-ldap
|
||||
subPath: poststart-ldap.sh
|
||||
- mountPath: /etc/script/custom-script.sh
|
||||
name: update-config-script
|
||||
subPath: custom-script.sh
|
||||
- mountPath: /etc/minio-ccerts
|
||||
name: minio-certs
|
||||
readOnly: true
|
||||
initContainers:
|
||||
- args:
|
||||
- job
|
||||
- create-minio-bucket
|
||||
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
|
||||
name: wait-for-bootstrap
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa
|
||||
volumes:
|
||||
- name: minio-certs
|
||||
secret:
|
||||
secretName: nextcloud-minio-tls
|
||||
- configMap:
|
||||
defaultMode: 484
|
||||
name: update-config
|
||||
name: update-config-script
|
||||
- configMap:
|
||||
defaultMode: 484
|
||||
name: script-config-ldap
|
||||
name: script-config-ldap
|
||||
- name: nextcloud-main-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-main-pvc
|
||||
- name: nextcloud-html-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-html-pvc
|
||||
- name: nextcloud-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-data-pvc
|
||||
- name: nextcloud-config-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-config-pvc
|
||||
- name: nextcloud-custom-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-custom-pvc
|
||||
- name: nextcloud-tmp-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-tmp-pvc
|
||||
- name: nextcloud-themes-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: nextcloud-themes-pvc
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: redis
|
||||
name: redis
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
containers:
|
||||
- command:
|
||||
- redis-server
|
||||
- /redis-master/redis.conf
|
||||
image: redis:alpine
|
||||
name: redis
|
||||
ports:
|
||||
- containerPort: 6379
|
||||
volumeMounts:
|
||||
- mountPath: /redis-master-data
|
||||
name: data
|
||||
- mountPath: /redis-master
|
||||
name: config
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: data
|
||||
- configMap:
|
||||
items:
|
||||
- key: redis-config
|
||||
path: redis.conf
|
||||
name: cm-redis-config
|
||||
name: config
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: create-minio-bucket
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- |
|
||||
echo "création de l'alias my-minio"
|
||||
mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
|
||||
echo "création du bucket..."
|
||||
mc mb --insecure my-minio/nextcloud-minio
|
||||
echo "Bucket créé. normalement"
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
env:
|
||||
- name: CONSOLE_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
name: nextcloud-minio-user
|
||||
- name: CONSOLE_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: CONSOLE_SECRET_KEY
|
||||
name: nextcloud-minio-user
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
image: minio/mc
|
||||
name: create-bucket
|
||||
initContainers:
|
||||
- args:
|
||||
- |
|
||||
echo "attente du service minio..."
|
||||
cnt=0
|
||||
tout=300
|
||||
while [ 1 ]
|
||||
do
|
||||
http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}')
|
||||
if [ "${http_code}" != "200" ]; then
|
||||
echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}"
|
||||
sleep 1
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cnt=$((cnt+1))
|
||||
if [ "${cnt}" -ge "${tout}" ]; then
|
||||
exit 3
|
||||
fi
|
||||
done
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-env
|
||||
image: busybox
|
||||
name: wait-for-minio
|
||||
restartPolicy: OnFailure
|
||||
---
|
||||
apiVersion: minio.min.io/v2
|
||||
kind: Tenant
|
||||
metadata:
|
||||
name: nextcloud-minio
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
certConfig:
|
||||
dnsNames:
|
||||
- minio
|
||||
configuration:
|
||||
name: nextcloud-minio-configuration
|
||||
pools:
|
||||
- containerSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
name: pool-0
|
||||
servers: 2
|
||||
volumeClaimTemplate:
|
||||
metadata:
|
||||
name: nextcloud-minio-data
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
volumesPerServer: 2
|
||||
users:
|
||||
- name: nextcloud-minio-user
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/cors-allow-headers: X-Forwarded-For
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 138m
|
||||
name: nextcloud
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: nxt.cadoles.fr
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: nextcloud
|
||||
port:
|
||||
number: 80
|
||||
path: /
|
||||
pathType: Prefix
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: nextcloud-postgres
|
||||
namespace: nextcloud-dev
|
||||
spec:
|
||||
bootstrap:
|
||||
initdb:
|
||||
database: nextcloud
|
||||
owner: nextcloud
|
||||
instances: 1
|
||||
primaryUpdateStrategy: unsupervised
|
||||
storage:
|
||||
size: 5Gi
|
@ -1,43 +0,0 @@
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/13/value #OBJECTSTORE_S3_HOST
|
||||
value: minio:$(MINIO_SERVICE_PORT)
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/14/value #OBJECTSTORE_S3_BUCKET
|
||||
value: nextcloud-minio
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/15/value #OBJECTSTORE_S3_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user # kustomize racine
|
||||
key: CONSOLE_ACCESS_KEY
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/16/value #OBJECTSTORE_S3_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user # kustomize racine
|
||||
key: CONSOLE_SECRET_KEY
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/17/value #OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
- op: replace
|
||||
path: /spec/template/spec/containers/0/env/18/value #OBJECTSTORE_S3_SSL
|
||||
value: "true"
|
||||
|
||||
|
||||
# Partie AWS S3
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nextcloud-cadoles
|
||||
- name: OBJECTSTORE_S3_HOST
|
||||
value: s3.fr-par.swc.cloud
|
||||
- name: OBJECTSTORE_S3_PORT
|
||||
value: "443"
|
||||
- name: OBJECTSTORE_S3_REGION
|
||||
value: fr-par
|
||||
- name: OBJECTSTORE_S3_KEY # 15
|
||||
value: SCWGDBJ75JYMY2XVRG9A
|
||||
- name: OBJECTSTORE_S3_SECRET
|
||||
value: fd3bfcc2-cd39-453b-acea-5c5f3a241960
|
||||
- name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_SSL # 18
|
||||
value: "true"
|
Loading…
Reference in New Issue
Block a user