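---
# PostgreSQL backend for the Nextcloud release: a single pod whose
# environment comes from the <identifier>-postgres-config Secret and whose
# data directory lives on the <identifier>-postgres-data PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-postgres
spec:
  selector:
    matchLabels:
      app: {{ .Release.Name }}-postgres
  replicas: 1
  # The data PVC in this file is ReadWriteOnce. The default RollingUpdate
  # strategy starts the replacement pod before the old one is stopped, so an
  # upgrade would briefly have two postgres pods wanting the same data
  # directory. Recreate stops the old pod first.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-postgres
    spec:
      containers:
        - name: postgres
          # NOTE(review): postgres:13 is a moving major-version tag; pin a
          # digest if reproducible rollouts are required.
          # NOTE(review): no securityContext or resource limits are set on
          # this container; confirm the cluster's admission policy covers it.
          image: postgres:13
          ports:
            - containerPort: 5432
          # envFrom exposes every key of the Secret as an environment
          # variable (POSTGRES_USER, POSTGRES_DB and the generated
          # POSTGRES_PASSWORD).
          envFrom:
            - secretRef:
                name: {{ tpl .Values.identifier . }}-postgres-config
          volumeMounts:
            - name: postgres-data
              mountPath: "/var/lib/postgresql/data"
              # Only the "postgres" sub-directory of the volume is mounted.
              subPath: postgres
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: {{ tpl .Values.identifier . }}-postgres-data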
---
# Cluster-internal endpoint for the database. The nextcloud container in
# this file reaches it through POSTGRES_HOST, which is set to this Service's
# name.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-postgres
  labels:
    app: {{ .Release.Name }}-postgres
spec:
  # ClusterIP: not published outside the cluster by this object.
  # NOTE(review): no NetworkPolicy is visible here, so any pod that can
  # reach the ClusterIP can attempt a connection on 5432.
  type: ClusterIP
  selector:
    app: {{ .Release.Name }}-postgres
  ports:
    - name: postgres
      port: 5432
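---
# Nextcloud web tier: nginx (TLS on 443) in front of nextcloud php-fpm
# (9000), sharing the application tree through an emptyDir that an init
# container fills on every pod start.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-nextcloud
spec:
  selector:
    matchLabels:
      app: {{ .Release.Name }}-nextcloud
  replicas: 1
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-nextcloud
    spec:
      initContainers:
        # Holds the pod back until the certificate chain for the FQDN exists
        # on the shared letsencrypt volume (the getcert Job in this file
        # mounts the same claim).
        - name: wait-for-cert
          # NOTE(review): untagged image, so the tag defaults to latest;
          # pin a tag or digest.
          image: busybox
          command:
            - sh
            - -c
            - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
              # This container only lists a file; it needs no write access
              # to the directory holding the private key.
              readOnly: true
        # Runs the image entrypoint, then copies /var/www/html into the
        # shared emptyDir. The two commands are joined with ";", so rsync
        # runs whatever the entrypoint's exit status was.
        - name: copy-php
          image: nextcloud:20-fpm
          command: ["/bin/sh"]
          args:
            - -c
            - "/entrypoint.sh; rsync -a -v /var/www/html/ /var/www/nextcloud"
          volumeMounts:
            - name: nextcloud-php
              mountPath: "/var/www/nextcloud"
      containers:
        - name: nginx
          image: nginx:1.21-alpine
          ports:
            - containerPort: 443
          volumeMounts:
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d/"
            # nginx reads the certificate and key but never issues or renews
            # them, so the mount is read-only.
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
              readOnly: true
            # nginx only serves files from the application tree. Read-only
            # keeps the web server from altering code that the php-fpm
            # container executes from the same emptyDir.
            - name: nextcloud-php
              mountPath: "/var/www/nextcloud"
              readOnly: true
        - name: nextcloud
          image: nextcloud:20-fpm
          ports:
            - containerPort: 9000
          env:
            # Database settings are read key by key from the same Secret the
            # postgres Deployment consumes.
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: {{ tpl .Values.identifier . }}-postgres-config
                  key: POSTGRES_DB
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: {{ tpl .Values.identifier . }}-postgres-config
                  key: POSTGRES_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ tpl .Values.identifier . }}-postgres-config
                  key: POSTGRES_PASSWORD
            # Name of the postgres Service defined in this file.
            - name: POSTGRES_HOST
              value: {{ .Release.Name }}-postgres
            - name: NEXTCLOUD_DATA_DIR
              value: "/data"
          volumeMounts:
            - name: data
              mountPath: "/data"
            - name: nextcloud-php
              mountPath: "/var/www/nextcloud"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
        - name: data
          persistentVolumeClaim:
            claimName: {{ tpl .Values.identifier . }}-data
        # The postgres-data claim is deliberately not declared here: no
        # container in this pod mounts it, and the web tier has no reason to
        # hold a reference to the database's ReadWriteOnce volume.
        - name: nginx-config
          configMap:
            name: {{ tpl .Values.identifier . }}-nginx-config
        # Per-pod scratch copy of the application tree, refilled by copy-php.
        - name: nextcloud-php
          emptyDir: {}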
---
# Front Service for the release. Its selector matches the label carried by
# both the nextcloud Deployment pod and the getcert Job pod in this file.
apiVersion: v1
kind: Service
metadata:
  name: {{ tpl .Values.identifier . }}
  labels:
    app: {{ tpl .Values.identifier . }}
spec:
  type: ClusterIP
  selector:
    app: {{ .Release.Name }}-nextcloud
  ports:
    # NOTE(review): none of the containers declared in this file lists
    # port 22; confirm something is meant to listen there, otherwise this
    # entry exposes a port nobody serves.
    - name: ssh
      port: 22
    # Required for letsencrypt
    - name: http
      port: 80
    - name: https
      port: 443
---
# Shared certificate store. It is mounted at /etc/letsencrypt by the getcert
# Job and by the wait-for-cert and nginx containers of the nextcloud pod,
# hence ReadWriteMany. The volume holds TLS private key material.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ tpl .Values.identifier . }}-letsencrypt-certs
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Mi
---
# Nextcloud user data. The nextcloud container mounts it at /data, which is
# also the value of NEXTCLOUD_DATA_DIR.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ tpl .Values.identifier . }}-data
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
# Database storage for the postgres Deployment. This is a block-backed
# claim with ReadWriteOnce access, unlike the two cephfs claims above.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ tpl .Values.identifier . }}-postgres-data
spec:
  storageClassName: rook-ceph-block
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
---
# One-shot certificate request. The pod carries the nextcloud app label, so
# the front Service in this file also selects it (port 80 is marked there as
# required for letsencrypt). Results land on the shared letsencrypt claim.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ tpl .Values.identifier . }}-getcert
spec:
  # Give up after three failed pods.
  backoffLimit: 3
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-nextcloud
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): untagged third-party image, so the tag defaults to
          # latest. This container writes the TLS private key; pin a tag or
          # digest that has been reviewed.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: EMAIL
              value: "{{ .Values.email }}"
            # STAGING is only set when the chart value equals the string
            # "no". NOTE(review): the value must be quoted in values.yaml;
            # an unquoted no is presumably loaded as a boolean and would not
            # compare as the string. Verify against the values file.
            {{ if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{ end }}
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
---
# nginx configuration mounted at /etc/nginx/conf.d/ in the nginx container.
# Every chart file matching nginx/* becomes one key. The file contents are
# passed through tpl, so any template action inside them is evaluated with
# the chart's values at render time.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ tpl .Values.identifier . }}-nginx-config
# The expression below must stay at column 0: "indent 2" supplies the
# indentation of the generated keys.
data:
{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
---
# Database settings shared by the postgres and nextcloud pods. No password
# is stored in the chart: the annotation names POSTGRES_PASSWORD as a field
# to be generated in-cluster.
# NOTE(review): this presumably depends on the mittwald secret generator
# controller being installed. Without it the key would be missing and the
# nextcloud container's secretKeyRef for POSTGRES_PASSWORD could not
# resolve. Confirm the dependency is documented.
apiVersion: v1
kind: Secret
metadata:
  name: {{ tpl .Values.identifier . }}-postgres-config
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
stringData:
  POSTGRES_DB: "nextcloud"
  # NOTE(review): Nextcloud connects with the account named "postgres",
  # which is presumably the image's superuser; a dedicated role limited to
  # the nextcloud database would be the least-privilege choice.
  POSTGRES_USER: "postgres"