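# Nextcloud development stack for the nextcloud-dev namespace: the Nextcloud
# app, a Redis cache, a MinIO object store (MinIO operator Tenant), a
# CloudNativePG database, and the Job/RBAC glue that orders their start-up.
#
# Review changes made to this file:
#   * no credential is committed in clear text any more: every Secret carries a
#     REPLACE_ME placeholder that the secret-management tool in use (kustomize
#     secretGenerator, external-secrets, sealed-secrets, ...) must fill before
#     `kubectl apply` (a Secret in Git is base64, not encryption);
#   * Nextcloud and the bucket Job use a dedicated MinIO user read from a Secret
#     instead of the MinIO root account written into the pod spec;
#   * the status-reader Role no longer grants get/list/patch on Secrets;
#   * the app postStart hook actually runs the LDAP script (it used to be $0);
#   * the bucket Job speaks https to the TLS port and verifies the certificate
#     instead of passing --insecure;
#   * NEXTCLOUD_TRUSTED_DOMAINS is narrowed from a wildcard to the Ingress host;
#   * hosts that depended on Kubernetes service environment variables existing
#     at pod creation time ($(..._SERVICE_HOST)) use DNS names instead.
---
apiVersion: v1
kind: Namespace
metadata:
  name: nextcloud-dev
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nextcloud-sa
  namespace: nextcloud-dev
---
# Used only by the k8s-wait-for init container of the app Deployment, which
# polls the create-minio-bucket Job until it completes: read access to Jobs is
# all it needs.
# Dropped from the original: an apiGroup entry "v1" (a version, not a group)
# and a rule granting get/list/patch on Secrets. Nothing in this file reads
# Secrets through the API (they are mounted or injected), and `patch` would
# have let a compromised app pod rewrite the MinIO and LDAP credentials.
# Re-add a narrow rule (with resourceNames) if a workload turns out to need it.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: status-reader
  namespace: nextcloud-dev
rules:
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get
      - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: status-reader
  namespace: nextcloud-dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: status-reader
subjects:
  - kind: ServiceAccount
    name: nextcloud-sa
    namespace: nextcloud-dev
---
# Redis configuration for the cache Deployment below.
# NOTE(review): no `requirepass` is set, so any pod in the namespace can read
# and write the Nextcloud session/file cache; add one (plus
# REDIS_HOST_PASSWORD on the app) before this leaves a dev cluster.
# `appendonly yes` has no lasting effect: the Deployment stores data on an
# emptyDir.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-redis-config
  namespace: nextcloud-dev
data:
  redis-config: |
    maxmemory 4mb
    maxmemory-policy volatile-lru
    appendonly yes
---
# NOTE(review): not referenced by any workload in this file, and the host
# differs from the Ingress host (nxt.cadoles.fr); presumably a leftover.
apiVersion: v1
kind: ConfigMap
metadata:
  name: host-config
  namespace: nextcloud-dev
data:
  NEXTCLOUD_HOST: nxt.serveur.fr
---
# Injected with envFrom into the create-minio-bucket Job. `minio` is the
# Service the MinIO operator creates for the Tenant below (TLS on 443).
# MINIO_SERVICE_NAME used to be "$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT)":
# $(VAR) references are only expanded in a container's env[].value, never in
# ConfigMap data consumed through envFrom, so consumers received the literal
# string. The value is now spelled out.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-env
  namespace: nextcloud-dev
data:
  MINIO_SERVICE_HOST: minio
  MINIO_SERVICE_PORT: "443"
  MINIO_SERVICE_NAME: minio:443
---
# NOTE(review): not mounted by any workload in this file. If it is consumed
# elsewhere, be aware that it targets plain http on port 9000 with
# minio_secure: false, which contradicts the TLS-only Tenant below, and that
# MINIO_KEY/MINIO_SECRET must then be fed from the nextcloud-minio-user Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-parameters
  namespace: nextcloud-dev
data:
  parameters.yaml: |-
    #API minio
    minio_url: 'http://%env(string:MINIO_SERVICE_NAME)%:9000'
    minio_key: '%env(string:MINIO_KEY)%'
    minio_secret: '%env(string:MINIO_SECRET)%'
    minio_bucket: 'nextcloud'
    minio_root: ''
    minio_path_style: true
    minio_secure: false
---
# postStart script of the app container: enables the user_ldap app once and
# pushes a minimal LDAP configuration.
# The LDAP endpoint and bind credentials now come from the container
# environment (injected from the nextcloud-app-credentials Secret); the
# original script carried the bind password in clear text in this ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: script-config-ldap
  namespace: nextcloud-dev
data:
  poststart-ldap.sh: |
    #!/bin/sh
    # Runs as root at postStart; occ must be executed as www-data.
    # `su` without `-` keeps the container environment, so the inner /bin/sh
    # sees the LDAP_* variables. They are expanded by that inner shell
    # (single-quoted -c strings), never spliced into the command text here.

    if [ -z "${LDAP_HOST:-}" ] || [ -z "${LDAP_BASE:-}" ] \
      || [ -z "${LDAP_AGENT_DN:-}" ] || [ -z "${LDAP_AGENT_PASSWORD:-}" ]; then
      echo 'LDAP_* variables not set, skipping LDAP configuration'
      exit 0
    fi

    # Enable the LDAP app if it is not enabled yet.
    # NOTE(review): relies on jq being present in the nextcloud image — confirm;
    # if it is missing the has() test always fails and app:enable runs on every
    # start (harmless but noisy).
    if ! su -s /bin/sh www-data -c '/var/www/html/occ app:list --output=json' \
      | jq -e '.enabled | has("user_ldap")'; then
      su -s /bin/sh www-data -c '/var/www/html/occ app:enable user_ldap'
      echo 'activation de ldap'
    fi

    # Minimal LDAP configuration.
    # NOTE(review): user_ldap normally stores its settings under per-config keys
    # (s01ldap_host, s01ldap_base_dn, ...); confirm that these unprefixed keys are
    # actually read, otherwise use `occ ldap:create-empty-config` and
    # `occ ldap:set-config`.
    # The bind password still shows up in the occ process arguments for the
    # duration of the call (visible with ps inside the container).
    su -s /bin/sh www-data -c '/var/www/html/occ config:app:set user_ldap ldapHost --value="$LDAP_HOST"'
    su -s /bin/sh www-data -c '/var/www/html/occ config:app:set user_ldap ldapBase --value="$LDAP_BASE"'
    su -s /bin/sh www-data -c '/var/www/html/occ config:app:set user_ldap ldapAgentName --value="$LDAP_AGENT_DN"'
    su -s /bin/sh www-data -c '/var/www/html/occ config:app:set user_ldap ldapAgentPassword --value="$LDAP_AGENT_PASSWORD"'
    echo 'ldap configured'
---
# NOTE(review): mounted into the app container but never executed by anything
# in this file. It appends "<MINIO_SERVICE_HOST> minio" to /etc/hosts, which
# the `minio` Service already resolves; presumably dead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: update-config
  namespace: nextcloud-dev
data:
  custom-script.sh: |-
    #!/bin/sh
    HOSTS_FILE="/etc/hosts"
    # Append the MinIO entry to the hosts file
    MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}"
    MINIO_NAME="${MINIO_SERVICE_NAME}"
    echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE
---
# MinIO Tenant configuration (consumed through Tenant.spec.configuration).
# The original held the base64 of a config.env with the root password in clear
# text (and the base64 was line-wrapped inside a plain scalar, which folds to
# spaces and does not decode). Placeholders must be replaced before apply.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-minio-configuration
  namespace: nextcloud-dev
type: Opaque
stringData:
  config.env: |
    export MINIO_ROOT_USER="REPLACE_ME_MINIO_ROOT_USER"
    export MINIO_ROOT_PASSWORD="REPLACE_ME_MINIO_ROOT_PASSWORD"
    export MINIO_STORAGE_CLASS_STANDARD="EC:2"
    export MINIO_BROWSER="on"
---
# Dedicated MinIO user for Nextcloud, created by the operator through
# Tenant.spec.users and consumed by the app Deployment and the bucket Job.
# The original Secret held the root credentials, so the application and the
# Job ran with full control of the object store.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-minio-user
  namespace: nextcloud-dev
type: Opaque
stringData:
  CONSOLE_ACCESS_KEY: nextcloud
  CONSOLE_SECRET_KEY: REPLACE_ME_MINIO_NEXTCLOUD_SECRET_KEY
---
# Nextcloud bootstrap admin and LDAP bind credentials, previously hard-coded in
# the Deployment env and in the postStart script. Injected with envFrom.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-app-credentials
  namespace: nextcloud-dev
type: Opaque
stringData:
  NEXTCLOUD_ADMIN_USER: admincadoles
  NEXTCLOUD_ADMIN_PASSWORD: REPLACE_ME_NEXTCLOUD_ADMIN_PASSWORD
  LDAP_HOST: REPLACE_ME_LDAP_HOST
  LDAP_BASE: REPLACE_ME_LDAP_BASE_DN
  LDAP_AGENT_DN: REPLACE_ME_LDAP_BIND_DN
  LDAP_AGENT_PASSWORD: REPLACE_ME_LDAP_BIND_PASSWORD
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: nextcloud-dev
  labels:
    app: nextcloud
    component: app
spec:
  selector:
    app: nextcloud
    component: app
  ports:
    - port: 80
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: nextcloud-dev
  labels:
    app: redis
spec:
  selector:
    app: redis
  ports:
    - port: 6379
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-config-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-custom-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-html-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-main-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-themes-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-tmp-pvc
  namespace: nextcloud-dev
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 5Gi
---
# Nextcloud application. Single replica (every PVC is ReadWriteOnce).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: nextcloud-dev
  labels:
    app: nextcloud
    component: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
      component: app
  template:
    metadata:
      labels:
        app: nextcloud
        component: app
    spec:
      serviceAccountName: nextcloud-sa
      restartPolicy: Always
      initContainers:
        # Blocks until the create-minio-bucket Job has completed (get/list on
        # Jobs through the status-reader Role).
        - name: wait-for-bootstrap
          image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
          args:
            - job
            - create-minio-bucket
      containers:
        - name: app
          image: reg.cadoles.com/proxy_cache/library/nextcloud:26.0.1-apache
          imagePullPolicy: Always
          envFrom:
            # NEXTCLOUD_ADMIN_USER, NEXTCLOUD_ADMIN_PASSWORD and the LDAP_*
            # variables read by /etc/script/poststart-ldap.sh.
            - secretRef:
                name: nextcloud-app-credentials
          env:
            - name: POSTGRES_DB
              value: nextcloud
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-postgres-app
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-postgres-app
                  key: password
            # Service created by CloudNativePG for the Cluster at the end of
            # this file. A DNS name replaces $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST)
            # because service env vars are only injected for Services that
            # already exist when the pod is created, and the Cluster is applied
            # in the same batch.
            - name: POSTGRES_HOST
              value: nextcloud-postgres-rw
            # Narrowed from '*.cadoles.fr' to the Ingress host: a wildcard
            # defeats the Host-header check trusted_domains exists for.
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: nxt.cadoles.fr
            # NOTE(review): the image treats NEXTCLOUD_INIT_LOCK as a flag;
            # "512M" looks like a value meant for a memory setting — confirm.
            - name: NEXTCLOUD_INIT_LOCK
              value: 512M
            - name: PHP_MEMORY_LIMIT
              value: 4G
            - name: PHP_UPLOAD_LIMIT
              value: 4G
            - name: POD_INDEX
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: REDIS_HOST
              value: redis
            - name: REDIS_HOST_PORT
              value: "6379"
            # Primary storage on the MinIO Tenant. The host is the operator's
            # `minio` Service (TLS on 443), spelled out instead of
            # minio:$(MINIO_SERVICE_PORT) for the same race reason as
            # POSTGRES_HOST above.
            - name: OBJECTSTORE_S3_HOST
              value: minio:443
            - name: OBJECTSTORE_S3_BUCKET
              value: nextcloud-minio
            - name: OBJECTSTORE_S3_KEY
              valueFrom:
                secretKeyRef:
                  name: nextcloud-minio-user
                  key: CONSOLE_ACCESS_KEY
            - name: OBJECTSTORE_S3_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-minio-user
                  key: CONSOLE_SECRET_KEY
            - name: OBJECTSTORE_S3_USEPATH_STYLE
              value: "true"
            - name: OBJECTSTORE_S3_SSL
              value: "true"
            - name: NEXTCLOUD_DATA_DIR
              value: /var/www/html/data
          lifecycle:
            postStart:
              exec:
                # The original listed the LDAP script as a fourth argv element,
                # which `sh -c` takes as $0, so it never ran; it is now chained.
                # NOTE(review): ks.crt is the ServiceAccount's API-server CA. It
                # only makes the Tenant certificate verifiable if the operator
                # issued that certificate through the cluster CA (the case with
                # the default CSR signer on kubeadm clusters, not everywhere) —
                # confirm, otherwise trust the Tenant CA explicitly.
                command:
                  - /bin/sh
                  - -c
                  - >-
                    cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
                    /usr/local/share/ca-certificates/ks.crt
                    && update-ca-certificates
                    && /etc/script/poststart-ldap.sh
          ports:
            - containerPort: 80
          livenessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: nxt.cadoles.fr
            initialDelaySeconds: 50
            periodSeconds: 15
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: nxt.cadoles.fr
            initialDelaySeconds: 50
            periodSeconds: 15
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          volumeMounts:
            - name: nextcloud-main-volume
              mountPath: /var/www/
            - name: nextcloud-html-volume
              mountPath: /var/www/html
            - name: nextcloud-data-volume
              mountPath: /var/www/html/data
            - name: nextcloud-config-volume
              mountPath: /var/www/html/config
            - name: nextcloud-custom-volume
              mountPath: /var/www/html/custom_apps
            - name: nextcloud-tmp-volume
              mountPath: /var/www/tmp
            - name: nextcloud-themes-volume
              mountPath: /var/www/html/themes
            - name: script-config-ldap
              mountPath: /etc/script/poststart-ldap.sh
              subPath: poststart-ldap.sh
            # NOTE(review): mounted but never executed (see the update-config
            # ConfigMap).
            - name: update-config-script
              mountPath: /etc/script/custom-script.sh
              subPath: custom-script.sh
            # NOTE(review): nothing reads this mount; nextcloud-minio-tls is not
            # defined in this file (it looks like the operator-generated
            # <tenant>-tls Secret) and the pod cannot start until it exists.
            - name: minio-certs
              mountPath: /etc/minio-ccerts
              readOnly: true
      volumes:
        - name: minio-certs
          secret:
            secretName: nextcloud-minio-tls
        # 484 == 0744: the postStart hook needs the script to be executable.
        - name: update-config-script
          configMap:
            name: update-config
            defaultMode: 484
        - name: script-config-ldap
          configMap:
            name: script-config-ldap
            defaultMode: 484
        - name: nextcloud-main-volume
          persistentVolumeClaim:
            claimName: nextcloud-main-pvc
        - name: nextcloud-html-volume
          persistentVolumeClaim:
            claimName: nextcloud-html-pvc
        - name: nextcloud-data-volume
          persistentVolumeClaim:
            claimName: nextcloud-data-pvc
        - name: nextcloud-config-volume
          persistentVolumeClaim:
            claimName: nextcloud-config-pvc
        - name: nextcloud-custom-volume
          persistentVolumeClaim:
            claimName: nextcloud-custom-pvc
        - name: nextcloud-tmp-volume
          persistentVolumeClaim:
            claimName: nextcloud-tmp-pvc
        - name: nextcloud-themes-volume
          persistentVolumeClaim:
            claimName: nextcloud-themes-pvc
---
# Redis cache. Unauthenticated and ephemeral (emptyDir), see the
# cm-redis-config note. NOTE(review): `redis:alpine` is an unpinned tag pulled
# straight from Docker Hub while the app goes through reg.cadoles.com — pin it
# and route it through the same proxy cache.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: nextcloud-dev
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      restartPolicy: Always
      containers:
        - name: redis
          image: redis:alpine
          command:
            - redis-server
            - /redis-master/redis.conf
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: data
              mountPath: /redis-master-data
            - name: config
              mountPath: /redis-master
      volumes:
        - name: data
          emptyDir: {}
        - name: config
          configMap:
            name: cm-redis-config
            items:
              - key: redis-config
                path: redis.conf
---
# Creates the Nextcloud bucket once the Tenant answers. Runs as the dedicated
# nextcloud MinIO user (the operator grants consoleAdmin to Tenant.spec.users),
# not as root. The app Deployment waits for this Job to complete.
# NOTE(review): minio/mc and busybox are unpinned tags pulled straight from
# Docker Hub, unlike the rest of the file — pin a tag or digest and use the
# proxy cache.
apiVersion: batch/v1
kind: Job
metadata:
  name: create-minio-bucket
  namespace: nextcloud-dev
spec:
  template:
    spec:
      restartPolicy: OnFailure
      initContainers:
        # Polls the Tenant liveness endpoint for up to ~300 attempts.
        # NOTE(review): busybox wget does not validate TLS certificates; that is
        # acceptable for an unauthenticated health probe only.
        - name: wait-for-minio
          image: busybox
          envFrom:
            - configMapRef:
                name: nextcloud-env
          command:
            - sh
            - -c
          args:
            - |
              echo "attente du service minio..."
              cnt=0
              tout=300
              while [ 1 ]
              do
                http_code=$(wget --server-response "https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live" 2>&1 | awk '/^ HTTP/{print $2}')
                if [ "${http_code}" != "200" ]; then
                  echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}"
                  sleep 1
                else
                  exit 0
                fi
                cnt=$((cnt+1))
                if [ "${cnt}" -ge "${tout}" ]; then
                  exit 3
                fi
              done
      containers:
        - name: create-bucket
          image: minio/mc
          envFrom:
            - configMapRef:
                name: nextcloud-env
          env:
            - name: CONSOLE_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: nextcloud-minio-user
                  key: CONSOLE_ACCESS_KEY
            - name: CONSOLE_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: nextcloud-minio-user
                  key: CONSOLE_SECRET_KEY
            - name: MC_CONFIG_DIR
              value: /tmp/mc
          command:
            - sh
            - -c
          args:
            - |
              set -eu
              # Trust the same CA the app container installs at postStart (see
              # the note there). This replaces `--insecure`, which disabled
              # certificate checking on the connection carrying the access key.
              mkdir -p "${MC_CONFIG_DIR}/certs/CAs"
              cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt "${MC_CONFIG_DIR}/certs/CAs/cluster-ca.crt"
              echo "création de l'alias my-minio"
              # Port 443 is TLS; the original used an http:// URL against it.
              mc alias set my-minio "https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}" "${CONSOLE_ACCESS_KEY}" "${CONSOLE_SECRET_KEY}"
              echo "création du bucket..."
              # --ignore-existing keeps retries idempotent under restartPolicy: OnFailure.
              mc mb --ignore-existing my-minio/nextcloud-minio
              echo "Bucket créé. normalement"
---
# MinIO Tenant managed by the MinIO operator. Root credentials come from the
# nextcloud-minio-configuration Secret; the nextcloud user from
# nextcloud-minio-user. Two servers x two volumes with EC:2.
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: nextcloud-minio
  namespace: nextcloud-dev
spec:
  certConfig:
    dnsNames:
      - minio
  configuration:
    name: nextcloud-minio-configuration
  users:
    - name: nextcloud-minio-user
  pools:
    - name: pool-0
      servers: 2
      volumesPerServer: 2
      containerSecurityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
      volumeClaimTemplate:
        metadata:
          name: nextcloud-minio-data
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 2Gi
---
# NOTE(review): no `tls:` section, so nxt.cadoles.fr is served over plain HTTP
# (credentials and session cookies in clear) unless the ingress controller
# terminates TLS elsewhere; add a TLS secret before exposing this.
# NOTE(review): enable-cors without cors-allow-origin means the controller's
# default origin policy applies; Nextcloud handles CORS itself, so confirm a
# cross-origin client really needs this, otherwise drop both annotations.
# proxy-body-size (138m) is far below PHP_UPLOAD_LIMIT (4G); Nextcloud chunks
# uploads so it mostly works, but the two limits presumably should agree.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: nextcloud-dev
  annotations:
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: X-Forwarded-For
    nginx.ingress.kubernetes.io/proxy-body-size: 138m
spec:
  ingressClassName: nginx
  rules:
    - host: nxt.cadoles.fr
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80
---
# CloudNativePG cluster. The operator generates the nextcloud-postgres-app
# Secret (username/password) consumed by the app Deployment and the
# nextcloud-postgres-rw Service it connects to.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: nextcloud-postgres
  namespace: nextcloud-dev
spec:
  instances: 1
  primaryUpdateStrategy: unsupervised
  bootstrap:
    initdb:
      database: nextcloud
      owner: nextcloud
  storage:
    size: 5Gi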