feat(plugins): adding default apps install with env

New configmap cm-plugin-scripts uses NEXTCLOUD_PLUGIN_LIST env
to install apps

This script is runned on each pod "start"
This commit is contained in:
Philippe Caseiro 2023-09-18 15:25:51 +02:00
parent 42f438d5a2
commit 825a081839
3 changed files with 84 additions and 54 deletions

View File

@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: nextcloud-dev
#namePrefix: dev-
configurations:
- ./resources/files/minio/configurations/tenants.minio.min.io.yaml
@ -13,6 +11,7 @@ resources:
- resources/nextcloud/namespace.yaml
- resources/nextcloud/ssl.yaml
- resources/nextcloud/cm-ldap-script.yaml
- resources/nextcloud/cm-plugins-script.yaml
- resources/nextcloud/minio-tenant.yaml
- resources/nextcloud/job-minio.yaml
@ -20,51 +19,60 @@ patches:
- path: patches/deployment.yaml
- path: patches/nginx-ingress.yaml
- path: patches/ConfigMap-redis.yaml
- path: patches/nextcloud-env.yaml
target:
kind: ConfigMap
name: nextcloud-env
version: v1
# PARTIE MINIO
# secret re-généré
#secretGenerator:
#- name: db-user-pass
# envs:
# - ./resources/files/minio/config.env
#- path: patches/nextcloud-env.yaml
# target:
# kind: ConfigMap
# name: nextcloud-env
# version: v1
secretGenerator:
#Voir https://github.com/minio/operator/issues/856
- name: nextcloud-minio-user
literals:
- CONSOLE_ACCESS_KEY=minio_root
- CONSOLE_SECRET_KEY=MinioRootNotSoSecret
- name: nextcloud-minio-configuration
files:
- ./resources/files/minio/config.env # A modifier si modification mot de passe et user CONSOLE [ACCESS-SECRET]
# ajout de Variable, et redéfinition de certaines
configMapGenerator:
#- name: nextcloud-parameters
# files:
# - ./resources/files/parameters.yaml
#- name: nextcloud-env
# behavior: replace
# literals:
# - MINIO_SERVICE_NAME=$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT)
# - MINIO_SERVICE_HOST=minio
# - MINIO_SERVICE_PORT=443
# options:
# disableNameSuffixHash: true
- ./resources/files/minio/config.env
- name: nextcloud-smtp
behavior: replace
literals:
- smtp-username=ouchemail
- smtp-password=HjkEHJ2676yiu2
options:
disableNameSuffixHash: true
configMapGenerator:
- name: nextcloud-env
behavior: merge
literals:
- NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.lan"
- OBJECTSTORE_S3_AUTOCREATE="true"
- OBJECTSTORE_S3_HOST=minio
- OBJECTSTORE_S3_PORT=443
- OBJECTSTORE_S3_BUCKET=nextcloud-minio
- OBJECTSTORE_S3_USEPATH_STYLE="true"
- OBJECTSTORE_S3_SSL="true"
- NEXTCLOUD_LDAP_HOST="ldaps://ldap.cadoles.com"
- NEXTCLOUD_LDAP_BASE="ou=cadoles,o=gouv,c=fr"
- NEXTCLOUD_LDAP_DN="cn=reader,o=gouv,c=fr"
- NEXTCLOUD_LDAP_PASSWD="phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae"
- NEXTCLOUD_LDAP_BASE_GROUPS="ou=groups,ou=cadoles,o=gouv,c=fr"
- NEXTCLOUD_LDAP_BASE_USERS="ou=users,ou=cadoles,o=gouv,c=fr"
- NEXTCLOUD_LDAP_ACTIVE_CONF='1'
- NEXTCLOUD_LDAP_ADMIN_EXP='0'
- NEXTCLOUD_LDAP_EXP_UUID="cn"
- NEXTCLOUD_LDAP_LOGIN_FILTER="(&(objectClass=person)(uid=%uid))"
- NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR="uid"
- NEXTCLOUD_LDAP_PORT='636'
- NEXTCLOUD_LDAP_USR_FILTR="(|(objectclass=person))"
- NEXTCLOUD_LDAP_OBJ_FILTR="person"
- NEXTCLOUD_LDAP_MAIL_ATTR="mail"
- NEXTCLOUD_LDAP_USER_DISP="cn"
- NEXTCLOUD_LDAP_GROUP_FILTR="(&(|(objectclass=cadolesGroup)))"
- NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS="cadolesGroup"
- NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO="gidNumber"
- NEXTCLOUD_PLUGIN_LIST="groupfolders drawio calendar quicknotes richdocuments richdocumentscode polls keeweb"
vars: # génération d'information pour wait-for-bootstrap du pod nextcloud
- name: MINIO_BOOTSTRAP_JOB_NAME
objref:

View File

@ -14,21 +14,10 @@ spec:
- $(MINIO_BOOTSTRAP_JOB_NAME)
containers:
- name: nextcloud
#envFrom:
#- configMapRef:
# name: nextcloud-env-update
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: password
- name: OBJECTSTORE_S3_BUCKET
value: nxt-minio
- name: OBJECTSTORE_S3_AUTOCREATE
value: "true"
- name: OBJECTSTORE_S3_KEY
valueFrom:
secretKeyRef:
@ -39,14 +28,6 @@ spec:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_SECRET_KEY
- name: OBJECTSTORE_S3_HOST
value: minio:$(MINIO_SERVICE_PORT)
- name: OBJECTSTORE_S3_PORT
value: "443"
- name: OBJECTSTORE_S3_SSL
value: "true"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
livenessProbe:
httpGet:
@ -76,6 +57,9 @@ spec:
- mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh
name: script-config-ldap
subPath: poststart-ldap.sh
- mountPath: /docker-entrypoint-hooks.d/before-starting/plugins.sh
name: script-config-plugins
subPath: poststart-plugins.sh
- mountPath: /etc/minio-ccerts
name: minio-certs
readOnly: true
@ -87,5 +71,9 @@ spec:
configMap:
name: script-config-ldap
defaultMode: 0755
- name: script-config-plugins
configMap:
name: script-config-plugins
defaultMode: 0755
restartPolicy: Always
serviceAccountName: nextcloud-sa

View File

@ -0,0 +1,34 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: script-config-plugins
data:
poststart-plugins.sh: |
#!/bin/sh
set -eu
(
if ! flock -n 7; then
echo "Another process is installing plugins. waiting"
flock 7
exit 0
fi
echo "Installing default apps"
plugin_list="${NEXTCLOUD_PLUGIN_LIST}"
OPTS=""
occ="/var/www/html/occ"
installed_apps=$(mktemp)
/bin/sh -c "${occ} app:list" | awk '!/Enabled|Disabled/ {print substr($2, 1, length($2)-1)}' > "${installed_apps}"
for plugin in ${plugin_list}; do
if ! grep -q "${plugin}" "${installed_apps}"; then
/bin/sh -c "${occ} ${OPTS} app:install ${plugin}"
/bin/sh -c "${occ} ${OPTS} app:update ${plugin}"
/bin/sh -c "${occ} ${OPTS} app:enable ${plugin}"
else
echo "${plugin} allready installed"
fi
done
) 7> /var/www/html/nextcloud-plugin-install.lock
echo "Apps installation finished"