Public ungleich kubernetes repository
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

242 lines
6.1 KiB

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-postgres
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-postgres
replicas: 1
template:
metadata:
labels:
app: {{ .Release.Name }}-postgres
spec:
containers:
- name: postgres
image: postgres:13
ports:
- containerPort: 5432
envFrom:
- secretRef:
name: {{ tpl .Values.identifier . }}-postgres-config
volumeMounts:
- name: postgres-data
mountPath: "/var/lib/postgresql/data"
subPath: postgres
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-postgres-data
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-postgres
labels:
app: {{ .Release.Name }}-postgres
spec:
type: ClusterIP
ports:
- port: 5432
name: postgres
selector:
app: {{ .Release.Name }}-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-nextcloud
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-nextcloud
replicas: 1
template:
metadata:
labels:
app: {{ .Release.Name }}-nextcloud
spec:
initContainers:
- name: wait-for-cert
image: busybox
command:
- sh
- -c
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: copy-php
image: nextcloud:20-fpm
command: [ "/bin/sh" ]
args:
- -c
- "/entrypoint.sh; rsync -a -v /var/www/html/ /var/www/nextcloud"
volumeMounts:
- name: nextcloud-php
mountPath: "/var/www/nextcloud"
containers:
- name: nginx
image: nginx:1.21-alpine
ports:
- containerPort: 443
volumeMounts:
- name: nginx-config
mountPath: "/etc/nginx/conf.d/"
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
- name: nextcloud-php
mountPath: "/var/www/nextcloud"
- name: nextcloud
image: nextcloud:20-fpm
ports:
- containerPort: 9000
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_DB
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_USER
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ tpl .Values.identifier . }}-postgres-config
key: POSTGRES_PASSWORD
- name: POSTGRES_HOST
value: {{ .Release.Name }}-postgres
- name: NEXTCLOUD_DATA_DIR
value: "/data"
volumeMounts:
- name: data
mountPath: "/data"
- name: nextcloud-php
mountPath: "/var/www/nextcloud"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
- name: data
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-data
- name: postgres-data
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-postgres-data
- name: nginx-config
configMap:
name: {{ tpl .Values.identifier . }}-nginx-config
- name: nextcloud-php
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tpl .Values.identifier . }}
labels:
app: {{ tpl .Values.identifier . }}
spec:
type: ClusterIP
ports:
- port: 22
name: ssh
# Required for letsencrypt
- port: 80
name: http
- port: 443
name: https
selector:
app: {{ .Release.Name }}-nextcloud
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ tpl .Values.identifier . }}-letsencrypt-certs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Mi
storageClassName: rook-cephfs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ tpl .Values.identifier . }}-data
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: rook-cephfs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ tpl .Values.identifier . }}-postgres-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
storageClassName: rook-ceph-block
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ tpl .Values.identifier . }}-getcert
spec:
template:
metadata:
labels:
app: {{ .Release.Name }}-nextcloud
spec:
restartPolicy: Never
containers:
- name: certbot
image: ungleich/ungleich-certbot
ports:
- containerPort: 80
env:
- name: DOMAIN
value: "{{ tpl .Values.fqdn . }}"
- name: EMAIL
value: "{{ .Values.email }}"
{{ if eq .Values.letsencryptStaging "no" }}
- name: STAGING
value: "no"
{{ end }}
volumeMounts:
- name: etcletsencrypt
mountPath: "/etc/letsencrypt"
volumes:
- name: etcletsencrypt
persistentVolumeClaim:
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
backoffLimit: 3
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ tpl .Values.identifier . }}-nginx-config
data:
{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ tpl .Values.identifier . }}-postgres-config
annotations:
secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
stringData:
POSTGRES_USER: "postgres"
POSTGRES_DB: "nextcloud"