nextcloud-kustom/overlays/dev/patches/deployment.yaml
2023-09-05 17:05:09 +02:00

294 lines
9.4 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nextcloud
component: app
name: app
spec:
# serviceName: nextcloud
replicas: 1
selector:
matchLabels:
app: nextcloud
component: app
template:
metadata:
labels:
app: nextcloud
component: app
spec:
containers:
- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
imagePullPolicy: Always
name: app
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && touch /etc/script/try01.txt"]
# envFrom:
# - configMapRef:
# name: nextcloud-env
env:
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-postgres-app
key: password
- name: POSTGRES_HOST
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
- name: NEXTCLOUD_ADMIN_USER
value: admincadoles
- name: NEXTCLOUD_ADMIN_PASSWORD # 5
value: CadolesNotSecret
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "*.cadoles.fr"
- name: NEXTCLOUD_INIT_LOCK
value: "true"
- name: PHP_MEMORY_LIMIT
value: 512M
- name: PHP_UPLOAD_LIMIT
value: 4G
- name: POD_INDEX
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: REDIS_HOST
value: redis # équivaut à redis.nextcloud.svc.cluster.local
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
- name: REDIS_HOST_PORT
value: "6379"
######################
# Partie minio S3
- name: OBJECTSTORE_S3_HOST
value: minio:$(MINIO_SERVICE_PORT)
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud-minio
- name: OBJECTSTORE_S3_KEY # 15
value: minio_root
- name: OBJECTSTORE_S3_SECRET
value: MinioRootNotSoSecret
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_SSL # 18
value: "true"
# # Partie AWS S3 => fonctionnelle sur scaleway
# - name: OBJECTSTORE_S3_BUCKET
# value: nextcloud-cadoles
# - name: OBJECTSTORE_S3_HOST
# value: s3.fr-par.scw.cloud
# - name: OBJECTSTORE_S3_PORT
# value: "443"
# - name: OBJECTSTORE_S3_REGION
# value: fr-par
# - name: OBJECTSTORE_S3_KEY
# value: MyAPIKey
# - name: OBJECTSTORE_S3_SECRET
# value: MyAPISecret
# - name: OBJECTSTORE_S3_USEPATH_STYLE
# value: "false"
# - name: OBJECTSTORE_S3_SSL
# value: "true"
# - name: OBJECTSTORE_S3_AUTOCREATE
# value: "true"
# - name: OBJECTSTORE_S3_OBJECT_PREFIX
# value: nxt_
# Mise en place SMTP
- name: MAIL_FROM_ADDRESS
value: "nextcloud"
- name: MAIL_DOMAIN
value: "cadoles.com"
- name: SMTP_HOST
value: "groupware.cadoles.com"
- name: SMTP_SECURE
value: "STARTTLS"
- name: SMTP_PORT
value: "587"
- name: SMTP_AUTHTYPE
value: "LOGIN"
- name: SMTP_NAME
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-password
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
# ADD LDAP CONF
- name: NEXTCLOUD_LDAP_HOST
value: ldaps://ldap.cadoles.com
- name: NEXTCLOUD_LDAP_BASE
value: ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_DN
value: cn=reader,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_PASSWD
value: phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae
- name: NEXTCLOUD_LDAP_BASE_GROUPS
value: ou=groups,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_BASE_USERS
value: ou=users,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_ACTIVE_CONF
value: '1'
- name: NEXTCLOUD_LDAP_ADMIN_EXP
value: '0'
- name: NEXTCLOUD_LDAP_EXP_UUID
value: cn
- name: NEXTCLOUD_LDAP_LOGIN_FILTER
value: (&(objectClass=person)(uid=%uid))
- name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
value: uid
- name: NEXTCLOUD_LDAP_PORT
value: '636'
- name: NEXTCLOUD_LDAP_USR_FILTR
value: (|(objectclass=person))
- name: NEXTCLOUD_LDAP_OBJ_FILTR
value: person
- name: NEXTCLOUD_LDAP_MAIL_ATTR
value: mail
- name: NEXTCLOUD_LDAP_USER_DISP
value: cn
- name: NEXTCLOUD_LDAP_GROUP_FILTR
value: (&(|(objectclass=cadolesGroup)))
- name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
value: cadolesGroup
- name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
value: gidNumber
livenessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: nxt.cadoles.fr
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: nxt.cadoles.fr
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main-volume
- mountPath: /var/www/html
name: nextcloud-html-volume
- mountPath: /var/www/html/data
name: nextcloud-data-volume
- mountPath: /var/www/html/config
name: nextcloud-config-volume
- mountPath: /var/www/html/custom_apps
name: nextcloud-custom-volume
- mountPath: /var/www/tmp
name: nextcloud-tmp-volume
- mountPath: /var/www/html/themes
name: nextcloud-themes-volume
# ICI montage pour les script !
- mountPath: /etc/script/poststart-ldap.sh
name: script-config-ldap
subPath: poststart-ldap.sh
- mountPath: /etc/script/custom-script.sh
name: update-config-script
subPath: custom-script.sh
- mountPath: /etc/minio-ccerts
name: minio-certs
readOnly: true
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # monte le fichier de configuration dans
# mountPath: /var/www/html/config # les instances supplémentaire
# readOnly: false # via le configmap ConfigMaps-php.yaml
restartPolicy: Always
serviceAccountName: nextcloud-sa # declare user for initcontainer
# trois volumes pour les script
volumes:
- name: minio-certs
secret:
secretName: nextcloud-minio-tls # montage des certificat de minio
- name: update-config-script
configMap:
name: update-config
defaultMode: 0744
- name: script-config-ldap
configMap:
name: script-config-ldap
defaultMode: 0744
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
# configMap: # les instances supplémentaires
# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
- name: nextcloud-main-volume
persistentVolumeClaim:
claimName: nextcloud-main-pvc
- name: nextcloud-html-volume
persistentVolumeClaim:
claimName: nextcloud-html-pvc
- name: nextcloud-data-volume
persistentVolumeClaim:
claimName: nextcloud-data-pvc
- name: nextcloud-config-volume
persistentVolumeClaim:
claimName: nextcloud-config-pvc
- name: nextcloud-custom-volume
persistentVolumeClaim:
claimName: nextcloud-custom-pvc
- name: nextcloud-tmp-volume
persistentVolumeClaim:
claimName: nextcloud-tmp-pvc
- name: nextcloud-themes-volume
persistentVolumeClaim:
claimName: nextcloud-themes-pvc
initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
- name: wait-for-bootstrap
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- job
- $(MINIO_BOOTSTRAP_JOB_NAME)
#####################################################
# For REDIS-OPERATOR USE THIS TO SET PORT
#####################################################
# - name: REDIS_HOST_PORT
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
# - name: REDIS_HOST_PASSWORD
# valueFrom:
# secretKeyRef:
# name: redis-secret
# key: password
#####################################################