apiVersion: apps/v1 kind: Deployment metadata: labels: app: nextcloud component: app name: app spec: # serviceName: nextcloud replicas: 1 selector: matchLabels: app: nextcloud component: app template: metadata: labels: app: nextcloud component: app spec: containers: - image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache imagePullPolicy: Always name: app ports: - containerPort: 80 lifecycle: postStart: exec: command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"] # envFrom: # - configMapRef: # name: nextcloud-env env: - name: POSTGRES_DB value: nextcloud - name: POSTGRES_USER valueFrom: secretKeyRef: name: nextcloud-postgres-app key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: nextcloud-postgres-app key: password - name: POSTGRES_HOST value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local - name: NEXTCLOUD_ADMIN_USER value: admincadoles - name: NEXTCLOUD_ADMIN_PASSWORD # 5 value: CadolesNotSecret - name: NEXTCLOUD_TRUSTED_DOMAINS value: "*.cadoles.fr" - name: NEXTCLOUD_INIT_LOCK value: "true" - name: PHP_MEMORY_LIMIT value: 512M - name: PHP_UPLOAD_LIMIT value: 4G - name: POD_INDEX valueFrom: fieldRef: fieldPath: metadata.name - name: REDIS_HOST value: redis # équivaut à redis.nextcloud.svc.cluster.local # value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator - name: REDIS_HOST_PORT value: "6379" ###################### # Partie minio S3 - name: OBJECTSTORE_S3_HOST value: minio:$(MINIO_SERVICE_PORT) - name: OBJECTSTORE_S3_BUCKET value: nextcloud-minio - name: OBJECTSTORE_S3_KEY # 15 value: minio_root - name: OBJECTSTORE_S3_SECRET value: MinioRootNotSoSecret - name: OBJECTSTORE_S3_USEPATH_STYLE value: "true" - name: OBJECTSTORE_S3_SSL # 18 value: "true" # # Partie AWS S3 => fonctionnelle sur scaleway # - name: OBJECTSTORE_S3_BUCKET # value: nextcloud-cadoles # - name: OBJECTSTORE_S3_HOST # value: s3.fr-par.scw.cloud # - name: OBJECTSTORE_S3_PORT # value: "443" # - name: OBJECTSTORE_S3_REGION # value: fr-par # - name: OBJECTSTORE_S3_KEY # value: MyAPIKey # - name: OBJECTSTORE_S3_SECRET # value: MyAPISecret # - name: OBJECTSTORE_S3_USEPATH_STYLE # value: "false" # - name: OBJECTSTORE_S3_SSL # value: "true" # - name: OBJECTSTORE_S3_AUTOCREATE # value: "true" # - name: OBJECTSTORE_S3_OBJECT_PREFIX # value: nxt_ # Mise en place SMTP - name: MAIL_FROM_ADDRESS value: "nextcloud" - name: MAIL_DOMAIN value: "cadoles.com" - name: SMTP_HOST value: "groupware.cadoles.com" - name: SMTP_SECURE value: "STARTTLS" - name: SMTP_PORT value: "587" - name: SMTP_AUTHTYPE value: "LOGIN" - name: SMTP_NAME valueFrom: secretKeyRef: name: nextcloud-smtp key: smtp-username - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: nextcloud-smtp key: smtp-password - name: NEXTCLOUD_DATA_DIR value: "/var/www/html/data" # ADD LDAP CONF - name: NEXTCLOUD_LDAP_HOST value: ldaps://ldap.cadoles.com - name: NEXTCLOUD_LDAP_BASE value: ou=cadoles,o=gouv,c=fr - name: NEXTCLOUD_LDAP_DN value: cn=reader,o=gouv,c=fr - name: NEXTCLOUD_LDAP_PASSWD value: phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae - name: NEXTCLOUD_LDAP_BASE_GROUPS value: ou=groups,ou=cadoles,o=gouv,c=fr - name: NEXTCLOUD_LDAP_BASE_USERS value: ou=users,ou=cadoles,o=gouv,c=fr - name: NEXTCLOUD_LDAP_ACTIVE_CONF value: '1' - name: NEXTCLOUD_LDAP_ADMIN_EXP value: '0' - name: NEXTCLOUD_LDAP_EXP_UUID value: cn - name: NEXTCLOUD_LDAP_LOGIN_FILTER value: (&(objectClass=person)(uid=%uid)) - name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR value: uid - name: NEXTCLOUD_LDAP_PORT value: '636' - name: NEXTCLOUD_LDAP_USR_FILTR value: (|(objectclass=person)) - name: NEXTCLOUD_LDAP_OBJ_FILTR value: person - name: NEXTCLOUD_LDAP_MAIL_ATTR value: mail - name: NEXTCLOUD_LDAP_USER_DISP value: cn - name: NEXTCLOUD_LDAP_GROUP_FILTR value: (&(|(objectclass=cadolesGroup))) - name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS value: cadolesGroup - name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO value: gidNumber livenessProbe: httpGet: path: /status.php port: 80 httpHeaders: - name: Host value: nxt.cadoles.fr initialDelaySeconds: 50 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 readinessProbe: httpGet: path: /status.php port: 80 httpHeaders: - name: Host value: nxt.cadoles.fr initialDelaySeconds: 50 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 volumeMounts: - mountPath: /var/www/ name: nextcloud-main-volume - mountPath: /var/www/html name: nextcloud-html-volume - mountPath: /var/www/html/data name: nextcloud-data-volume - mountPath: /var/www/html/config name: nextcloud-config-volume - mountPath: /var/www/html/custom_apps name: nextcloud-custom-volume - mountPath: /var/www/tmp name: nextcloud-tmp-volume - mountPath: /var/www/html/themes name: nextcloud-themes-volume # ICI montage pour les script ! - mountPath: /etc/script/poststart-ldap.sh name: script-config-ldap subPath: poststart-ldap.sh - mountPath: /etc/script/custom-script.sh name: update-config-script subPath: custom-script.sh - mountPath: /etc/minio-ccerts name: minio-certs readOnly: true # MOUNT-TRY-multi-instance # - name: nextcloud-config-volume # monte le fichier de configuration dans # mountPath: /var/www/html/config # les instances supplémentaire # readOnly: false # via le configmap ConfigMaps-php.yaml restartPolicy: Always serviceAccountName: nextcloud-sa # declare user for initcontainer # trois volumes pour les script volumes: - name: minio-certs secret: secretName: nextcloud-minio-tls # montage des certificat de minio - name: update-config-script configMap: name: update-config defaultMode: 0744 - name: script-config-ldap configMap: name: script-config-ldap defaultMode: 0744 # MOUNT-TRY-multi-instance # - name: nextcloud-config-volume # permet de monter le fichier de configuration dans # configMap: # les instances supplémentaires # name: nextcloud-config # via le configmap ConfigMaps-php.yaml - name: nextcloud-main-volume persistentVolumeClaim: claimName: nextcloud-main-pvc - name: nextcloud-html-volume persistentVolumeClaim: claimName: nextcloud-html-pvc - name: nextcloud-data-volume persistentVolumeClaim: claimName: nextcloud-data-pvc - name: nextcloud-config-volume persistentVolumeClaim: claimName: nextcloud-config-pvc - name: nextcloud-custom-volume persistentVolumeClaim: claimName: nextcloud-custom-pvc - name: nextcloud-tmp-volume persistentVolumeClaim: claimName: nextcloud-tmp-pvc - name: nextcloud-themes-volume persistentVolumeClaim: claimName: nextcloud-themes-pvc initContainers: # cf README.md part ##YAML explain / ### PODS WAIT - name: wait-for-bootstrap image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3 args: - job - $(MINIO_BOOTSTRAP_JOB_NAME) ##################################################### # For REDIS-OPERATOR USE THIS TO SET PORT ##################################################### # - name: REDIS_HOST_PORT # value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT) # - name: REDIS_HOST_PASSWORD # valueFrom: # secretKeyRef: # name: redis-secret # key: password #####################################################