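---
# Deployment "app": a single-replica Nextcloud (Apache image) pod wired to
# PostgreSQL, Redis, a MinIO S3 object store, SMTP and an LDAPS directory.
#
# Credentials are read from Secrets via secretKeyRef. Any credential that was
# ever committed inline in this manifest should be treated as exposed and
# rotated, even if it was only meant as a development default.
# Secret names prefixed "placeholder-" are PLACEHOLDERS: those Secrets are not
# defined in this file and must be created (and the names adjusted) before
# applying.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nextcloud
    component: app
  name: app
spec:
  # serviceName: nextcloud
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
      component: app
  template:
    metadata:
      labels:
        app: nextcloud
        component: app
    spec:
      containers:
        # NOTE(review): the image is referenced by tag and pulled on every
        # start (imagePullPolicy: Always); a tag can be re-pointed, so pin a
        # digest if the registry workflow allows it.
        # NOTE(review): no resources or securityContext are set on this
        # container in this manifest; add them per cluster policy.
        - image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
          imagePullPolicy: Always
          name: app
          ports:
            - containerPort: 80
          lifecycle:
            postStart:
              exec:
                # Adds the service-account CA bundle to the container trust
                # store, runs the mounted LDAP setup script, then touches a
                # marker file. Everything the container does over TLS will
                # trust that CA afterwards.
                # NOTE(review): try01.txt looks like a debugging marker;
                # confirm it is still needed.
                command:
                  - /bin/sh
                  - "-c"
                  - >-
                    cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
                    /usr/local/share/ca-certificates/ks.crt
                    && update-ca-certificates
                    && /etc/script/poststart-ldap.sh
                    && touch /etc/script/try01.txt
          # envFrom:
          #   - configMapRef:
          #       name: nextcloud-env
          #
          # The trailing "# N" markers below look like the 0-based position of
          # the entry in this list, presumably for positional patches in
          # overlays; keep the order stable. A patch that sets ".../env/N/value"
          # on an entry that uses valueFrom must be changed to provide the
          # Secret instead. TODO confirm against the overlays.
          env:
            - name: POSTGRES_DB
              value: nextcloud
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-postgres-app
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-postgres-app
                  key: password
            - name: POSTGRES_HOST
              # value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
              value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST)
            - name: NEXTCLOUD_ADMIN_USER
              value: admincadoles
            - name: NEXTCLOUD_ADMIN_PASSWORD  # 5
              valueFrom:
                secretKeyRef:
                  # PLACEHOLDER Secret name and key; not defined in this file.
                  name: placeholder-nextcloud-admin
                  key: password
            # NOTE(review): a wildcard accepts every host name under the
            # domain; list the exact host names served if they are known.
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: "*.cadoles.fr"
            - name: NEXTCLOUD_INIT_LOCK
              value: "true"
            - name: PHP_MEMORY_LIMIT
              value: 512M
            - name: PHP_UPLOAD_LIMIT
              value: 4G
            - name: POD_INDEX
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: REDIS_HOST
              # equivalent to redis.nextcloud.svc.cluster.local
              value: redis
              # value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
            - name: REDIS_HOST_PORT
              value: "6379"
            ######################
            # MinIO S3 section
            - name: OBJECTSTORE_S3_HOST
              value: "minio:$(MINIO_SERVICE_PORT)"
            - name: OBJECTSTORE_S3_BUCKET
              value: nextcloud-minio
            # NOTE(review): prefer a MinIO access key scoped to the bucket
            # above over the MinIO root account.
            - name: OBJECTSTORE_S3_KEY  # 15
              valueFrom:
                secretKeyRef:
                  # PLACEHOLDER Secret name and key; not defined in this file.
                  name: placeholder-nextcloud-minio-credentials
                  key: access-key
            - name: OBJECTSTORE_S3_SECRET
              valueFrom:
                secretKeyRef:
                  # PLACEHOLDER Secret name and key; not defined in this file.
                  name: placeholder-nextcloud-minio-credentials
                  key: secret-key
            - name: OBJECTSTORE_S3_USEPATH_STYLE
              value: "true"
            - name: OBJECTSTORE_S3_SSL  # 18
              value: "true"

            # # AWS S3 section => works on Scaleway
            # # (when enabling it, source KEY and SECRET from a Secret with
            # # secretKeyRef rather than inline values)
            # - name: OBJECTSTORE_S3_BUCKET
            #   value: nextcloud-cadoles
            # - name: OBJECTSTORE_S3_HOST
            #   value: s3.fr-par.scw.cloud
            # - name: OBJECTSTORE_S3_PORT
            #   value: "443"
            # - name: OBJECTSTORE_S3_REGION
            #   value: fr-par
            # - name: OBJECTSTORE_S3_KEY
            #   value: MyAPIKey
            # - name: OBJECTSTORE_S3_SECRET
            #   value: MyAPISecret
            # - name: OBJECTSTORE_S3_USEPATH_STYLE
            #   value: "false"
            # - name: OBJECTSTORE_S3_SSL
            #   value: "true"
            # - name: OBJECTSTORE_S3_AUTOCREATE
            #   value: "true"
            # - name: OBJECTSTORE_S3_OBJECT_PREFIX
            #   value: nxt_

            # SMTP setup
            - name: MAIL_FROM_ADDRESS
              value: "nextcloud"
            - name: MAIL_DOMAIN
              value: "cadoles.com"
            - name: SMTP_HOST
              value: "groupware.cadoles.com"
            - name: SMTP_SECURE
              value: "STARTTLS"
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_AUTHTYPE
              value: "LOGIN"
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-password

            - name: NEXTCLOUD_DATA_DIR
              value: "/var/www/html/data"

            # ADD LDAP CONF
            # These NEXTCLOUD_LDAP_* variables are presumably consumed by
            # /etc/script/poststart-ldap.sh (mounted below); verify there.
            - name: NEXTCLOUD_LDAP_HOST
              value: ldaps://ldap.cadoles.com
            - name: NEXTCLOUD_LDAP_BASE
              value: ou=cadoles,o=gouv,c=fr
            - name: NEXTCLOUD_LDAP_DN
              value: cn=reader,o=gouv,c=fr
            - name: NEXTCLOUD_LDAP_PASSWD
              valueFrom:
                secretKeyRef:
                  # PLACEHOLDER Secret name and key; not defined in this file.
                  name: placeholder-nextcloud-ldap
                  key: bind-password
            - name: NEXTCLOUD_LDAP_BASE_GROUPS
              value: ou=groups,ou=cadoles,o=gouv,c=fr
            - name: NEXTCLOUD_LDAP_BASE_USERS
              value: ou=users,ou=cadoles,o=gouv,c=fr
            - name: NEXTCLOUD_LDAP_ACTIVE_CONF
              value: '1'
            - name: NEXTCLOUD_LDAP_ADMIN_EXP
              value: '0'
            - name: NEXTCLOUD_LDAP_EXP_UUID
              value: cn
            - name: NEXTCLOUD_LDAP_LOGIN_FILTER
              value: '(&(objectClass=person)(uid=%uid))'
            - name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
              value: uid
            - name: NEXTCLOUD_LDAP_PORT
              value: '636'
            - name: NEXTCLOUD_LDAP_USR_FILTR
              value: '(|(objectclass=person))'
            - name: NEXTCLOUD_LDAP_OBJ_FILTR
              value: person
            - name: NEXTCLOUD_LDAP_MAIL_ATTR
              value: mail
            - name: NEXTCLOUD_LDAP_USER_DISP
              value: cn
            - name: NEXTCLOUD_LDAP_GROUP_FILTR
              value: '(&(|(objectclass=cadolesGroup)))'
            - name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
              value: cadolesGroup
            - name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
              value: gidNumber

          # Both probes request /status.php on port 80 with an explicit Host
          # header, presumably so the request matches a trusted domain
          # (confirm).
          livenessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: nxt.cadoles.fr
            initialDelaySeconds: 50
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: nxt.cadoles.fr
            initialDelaySeconds: 50
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6

          volumeMounts:
            - mountPath: /var/www/
              name: nextcloud-main-volume
            - mountPath: /var/www/html
              name: nextcloud-html-volume
            - mountPath: /var/www/html/data
              name: nextcloud-data-volume
            - mountPath: /var/www/html/config
              name: nextcloud-config-volume
            - mountPath: /var/www/html/custom_apps
              name: nextcloud-custom-volume
            - mountPath: /var/www/tmp
              name: nextcloud-tmp-volume
            - mountPath: /var/www/html/themes
              name: nextcloud-themes-volume

            # Script mounts go here.
            - mountPath: /etc/script/poststart-ldap.sh
              name: script-config-ldap
              subPath: poststart-ldap.sh
            - mountPath: /etc/script/custom-script.sh
              name: update-config-script
              subPath: custom-script.sh
            # NOTE(review): "ccerts" may be a typo for "certs"; check what
            # reads this path before renaming it.
            - mountPath: /etc/minio-ccerts
              name: minio-certs
              readOnly: true

            # MOUNT-TRY-multi-instance
            # Mounts the configuration file into the additional instances
            # via the configmap ConfigMaps-php.yaml.
            # - name: nextcloud-config-volume
            #   mountPath: /var/www/html/config
            #   readOnly: false

      restartPolicy: Always
      serviceAccountName: nextcloud-sa  # declare user for initcontainer

      # The first three volumes back the certificate and script mounts.
      volumes:
        - name: minio-certs
          secret:
            secretName: nextcloud-minio-tls  # mounts the MinIO certificates
        # defaultMode is an integer field written in YAML octal
        # (0744 = rwxr--r--); do not quote it.
        - name: update-config-script
          configMap:
            name: update-config
            defaultMode: 0744
        - name: script-config-ldap
          configMap:
            name: script-config-ldap
            defaultMode: 0744

        # MOUNT-TRY-multi-instance
        # Mounts the configuration file into the additional instances
        # via the configmap ConfigMaps-php.yaml.
        # - name: nextcloud-config-volume
        #   configMap:
        #     name: nextcloud-config

        - name: nextcloud-main-volume
          persistentVolumeClaim:
            claimName: nextcloud-main-pvc
        - name: nextcloud-html-volume
          persistentVolumeClaim:
            claimName: nextcloud-html-pvc
        - name: nextcloud-data-volume
          persistentVolumeClaim:
            claimName: nextcloud-data-pvc
        - name: nextcloud-config-volume
          persistentVolumeClaim:
            claimName: nextcloud-config-pvc
        - name: nextcloud-custom-volume
          persistentVolumeClaim:
            claimName: nextcloud-custom-pvc
        - name: nextcloud-tmp-volume
          persistentVolumeClaim:
            claimName: nextcloud-tmp-pvc
        - name: nextcloud-themes-volume
          persistentVolumeClaim:
            claimName: nextcloud-themes-pvc

      initContainers:  # cf README.md part ##YAML explain / ### PODS WAIT
        # $(MINIO_BOOTSTRAP_JOB_NAME) is not defined in this file; presumably
        # it is substituted by the build tooling - confirm.
        - name: wait-for-bootstrap
          image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
          args:
            - job
            - $(MINIO_BOOTSTRAP_JOB_NAME)


#####################################################
# For REDIS-OPERATOR USE THIS TO SET PORT
#####################################################
#            - name: REDIS_HOST_PORT
#              value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
#            - name: REDIS_HOST_PASSWORD
#              valueFrom:
#                secretKeyRef:
#                  name: redis-secret
#                  key: password
#####################################################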