feat(plugins): adding default apps install with env
New configmap cm-plugin-scripts uses NEXTCLOUD_PLUGIN_LIST env to install apps This script is runned on each pod "start"
This commit is contained in:
parent
42f438d5a2
commit
825a081839
overlays/dev
@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: nextcloud-dev
|
||||
|
||||
#namePrefix: dev-
|
||||
|
||||
configurations:
|
||||
- ./resources/files/minio/configurations/tenants.minio.min.io.yaml
|
||||
|
||||
@ -13,6 +11,7 @@ resources:
|
||||
- resources/nextcloud/namespace.yaml
|
||||
- resources/nextcloud/ssl.yaml
|
||||
- resources/nextcloud/cm-ldap-script.yaml
|
||||
- resources/nextcloud/cm-plugins-script.yaml
|
||||
- resources/nextcloud/minio-tenant.yaml
|
||||
- resources/nextcloud/job-minio.yaml
|
||||
|
||||
@ -20,51 +19,60 @@ patches:
|
||||
- path: patches/deployment.yaml
|
||||
- path: patches/nginx-ingress.yaml
|
||||
- path: patches/ConfigMap-redis.yaml
|
||||
- path: patches/nextcloud-env.yaml
|
||||
target:
|
||||
kind: ConfigMap
|
||||
name: nextcloud-env
|
||||
version: v1
|
||||
|
||||
|
||||
# PARTIE MINIO
|
||||
|
||||
# secret re-généré
|
||||
#secretGenerator:
|
||||
#- name: db-user-pass
|
||||
# envs:
|
||||
# - ./resources/files/minio/config.env
|
||||
#- path: patches/nextcloud-env.yaml
|
||||
# target:
|
||||
# kind: ConfigMap
|
||||
# name: nextcloud-env
|
||||
# version: v1
|
||||
|
||||
secretGenerator:
|
||||
#Voir https://github.com/minio/operator/issues/856
|
||||
- name: nextcloud-minio-user
|
||||
literals:
|
||||
- CONSOLE_ACCESS_KEY=minio_root
|
||||
- CONSOLE_SECRET_KEY=MinioRootNotSoSecret
|
||||
- name: nextcloud-minio-configuration
|
||||
files:
|
||||
- ./resources/files/minio/config.env # A modifier si modification mot de passe et user CONSOLE [ACCESS-SECRET]
|
||||
|
||||
# ajout de Variable, et redéfinition de certaines
|
||||
configMapGenerator:
|
||||
#- name: nextcloud-parameters
|
||||
# files:
|
||||
# - ./resources/files/parameters.yaml
|
||||
#- name: nextcloud-env
|
||||
# behavior: replace
|
||||
# literals:
|
||||
# - MINIO_SERVICE_NAME=$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT)
|
||||
# - MINIO_SERVICE_HOST=minio
|
||||
# - MINIO_SERVICE_PORT=443
|
||||
# options:
|
||||
# disableNameSuffixHash: true
|
||||
- ./resources/files/minio/config.env
|
||||
- name: nextcloud-smtp
|
||||
behavior: replace
|
||||
literals:
|
||||
- smtp-username=ouchemail
|
||||
- smtp-password=HjkEHJ2676yiu2
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
configMapGenerator:
|
||||
- name: nextcloud-env
|
||||
behavior: merge
|
||||
literals:
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.lan"
|
||||
- OBJECTSTORE_S3_AUTOCREATE="true"
|
||||
- OBJECTSTORE_S3_HOST=minio
|
||||
- OBJECTSTORE_S3_PORT=443
|
||||
- OBJECTSTORE_S3_BUCKET=nextcloud-minio
|
||||
- OBJECTSTORE_S3_USEPATH_STYLE="true"
|
||||
- OBJECTSTORE_S3_SSL="true"
|
||||
- NEXTCLOUD_LDAP_HOST="ldaps://ldap.cadoles.com"
|
||||
- NEXTCLOUD_LDAP_BASE="ou=cadoles,o=gouv,c=fr"
|
||||
- NEXTCLOUD_LDAP_DN="cn=reader,o=gouv,c=fr"
|
||||
- NEXTCLOUD_LDAP_PASSWD="phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae"
|
||||
- NEXTCLOUD_LDAP_BASE_GROUPS="ou=groups,ou=cadoles,o=gouv,c=fr"
|
||||
- NEXTCLOUD_LDAP_BASE_USERS="ou=users,ou=cadoles,o=gouv,c=fr"
|
||||
- NEXTCLOUD_LDAP_ACTIVE_CONF='1'
|
||||
- NEXTCLOUD_LDAP_ADMIN_EXP='0'
|
||||
- NEXTCLOUD_LDAP_EXP_UUID="cn"
|
||||
- NEXTCLOUD_LDAP_LOGIN_FILTER="(&(objectClass=person)(uid=%uid))"
|
||||
- NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR="uid"
|
||||
- NEXTCLOUD_LDAP_PORT='636'
|
||||
- NEXTCLOUD_LDAP_USR_FILTR="(|(objectclass=person))"
|
||||
- NEXTCLOUD_LDAP_OBJ_FILTR="person"
|
||||
- NEXTCLOUD_LDAP_MAIL_ATTR="mail"
|
||||
- NEXTCLOUD_LDAP_USER_DISP="cn"
|
||||
- NEXTCLOUD_LDAP_GROUP_FILTR="(&(|(objectclass=cadolesGroup)))"
|
||||
- NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS="cadolesGroup"
|
||||
- NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO="gidNumber"
|
||||
- NEXTCLOUD_PLUGIN_LIST="groupfolders drawio calendar quicknotes richdocuments richdocumentscode polls keeweb"
|
||||
|
||||
vars: # génération d'information pour wait-for-bootstrap du pod nextcloud
|
||||
- name: MINIO_BOOTSTRAP_JOB_NAME
|
||||
objref:
|
||||
|
@ -14,21 +14,10 @@ spec:
|
||||
- $(MINIO_BOOTSTRAP_JOB_NAME)
|
||||
containers:
|
||||
- name: nextcloud
|
||||
#envFrom:
|
||||
#- configMapRef:
|
||||
# name: nextcloud-env-update
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-postgres-app
|
||||
key: username
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-postgres-app
|
||||
key: password
|
||||
- name: OBJECTSTORE_S3_BUCKET
|
||||
value: nxt-minio
|
||||
- name: OBJECTSTORE_S3_AUTOCREATE
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -39,14 +28,6 @@ spec:
|
||||
secretKeyRef:
|
||||
name: nextcloud-minio-user
|
||||
key: CONSOLE_SECRET_KEY
|
||||
- name: OBJECTSTORE_S3_HOST
|
||||
value: minio:$(MINIO_SERVICE_PORT)
|
||||
- name: OBJECTSTORE_S3_PORT
|
||||
value: "443"
|
||||
- name: OBJECTSTORE_S3_SSL
|
||||
value: "true"
|
||||
- name: OBJECTSTORE_S3_USEPATH_STYLE
|
||||
value: "true"
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@ -76,6 +57,9 @@ spec:
|
||||
- mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh
|
||||
name: script-config-ldap
|
||||
subPath: poststart-ldap.sh
|
||||
- mountPath: /docker-entrypoint-hooks.d/before-starting/plugins.sh
|
||||
name: script-config-plugins
|
||||
subPath: poststart-plugins.sh
|
||||
- mountPath: /etc/minio-ccerts
|
||||
name: minio-certs
|
||||
readOnly: true
|
||||
@ -87,5 +71,9 @@ spec:
|
||||
configMap:
|
||||
name: script-config-ldap
|
||||
defaultMode: 0755
|
||||
- name: script-config-plugins
|
||||
configMap:
|
||||
name: script-config-plugins
|
||||
defaultMode: 0755
|
||||
restartPolicy: Always
|
||||
serviceAccountName: nextcloud-sa
|
||||
|
34
overlays/dev/resources/nextcloud/cm-plugins-script.yaml
Normal file
34
overlays/dev/resources/nextcloud/cm-plugins-script.yaml
Normal file
@ -0,0 +1,34 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: script-config-plugins
|
||||
data:
|
||||
poststart-plugins.sh: |
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
(
|
||||
if ! flock -n 7; then
|
||||
echo "Another process is installing plugins. waiting"
|
||||
flock 7
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Installing default apps"
|
||||
plugin_list="${NEXTCLOUD_PLUGIN_LIST}"
|
||||
OPTS=""
|
||||
occ="/var/www/html/occ"
|
||||
|
||||
installed_apps=$(mktemp)
|
||||
/bin/sh -c "${occ} app:list" | awk '!/Enabled|Disabled/ {print substr($2, 1, length($2)-1)}' > "${installed_apps}"
|
||||
|
||||
for plugin in ${plugin_list}; do
|
||||
if ! grep -q "${plugin}" "${installed_apps}"; then
|
||||
/bin/sh -c "${occ} ${OPTS} app:install ${plugin}"
|
||||
/bin/sh -c "${occ} ${OPTS} app:update ${plugin}"
|
||||
/bin/sh -c "${occ} ${OPTS} app:enable ${plugin}"
|
||||
else
|
||||
echo "${plugin} allready installed"
|
||||
fi
|
||||
done
|
||||
) 7> /var/www/html/nextcloud-plugin-install.lock
|
||||
echo "Apps installation finished"
|
Loading…
Reference in New Issue
Block a user