++zammad and more
This commit is contained in:
parent
99712027b1
commit
d9a51eae57
8 changed files with 561 additions and 69 deletions
|
@ -48,73 +48,79 @@ spec:
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Release.Name }}-nextcloud
|
name: {{ .Release.Name }}-zammad
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: {{ .Release.Name }}-nextcloud
|
app: {{ .Release.Name }}-zammad
|
||||||
replicas: 1
|
replicas: 1
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app: {{ .Release.Name }}-nextcloud
|
app: {{ .Release.Name }}-zammad
|
||||||
spec:
|
spec:
|
||||||
initContainers:
|
# initContainers:
|
||||||
- name: wait-for-cert
|
# - name: wait-for-cert
|
||||||
image: busybox
|
# image: busybox
|
||||||
command:
|
# command:
|
||||||
- sh
|
# - sh
|
||||||
- -c
|
# - -c
|
||||||
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
|
# - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
|
||||||
volumeMounts:
|
# volumeMounts:
|
||||||
- name: etcletsencrypt
|
# - name: etcletsencrypt
|
||||||
mountPath: "/etc/letsencrypt"
|
# mountPath: "/etc/letsencrypt"
|
||||||
containers:
|
containers:
|
||||||
- name: nginx
|
# - name: nginx
|
||||||
image: nginx:1.21-alpine
|
# image: nginx:1.21-alpine
|
||||||
|
# ports:
|
||||||
|
# - containerPort: 443
|
||||||
|
# volumeMounts:
|
||||||
|
# - name: nginx-config
|
||||||
|
# mountPath: "/etc/nginx/conf.d/"
|
||||||
|
# - name: etcletsencrypt
|
||||||
|
# mountPath: "/etc/letsencrypt"
|
||||||
|
# - name: zammad-data
|
||||||
|
# mountPath: "/var/www/html"
|
||||||
|
# # Is it ready to work?
|
||||||
|
# readinessProbe:
|
||||||
|
# tcpSocket:
|
||||||
|
# port: 443
|
||||||
|
# initialDelaySeconds: 5
|
||||||
|
# periodSeconds: 10
|
||||||
|
# # Is it still working?
|
||||||
|
# livenessProbe:
|
||||||
|
# tcpSocket:
|
||||||
|
# port: 443
|
||||||
|
# initialDelaySeconds: 15
|
||||||
|
# periodSeconds: 20
|
||||||
|
- name: elasticsearch
|
||||||
|
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.1
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 443
|
- containerPort: 9200
|
||||||
volumeMounts:
|
name: elastic
|
||||||
- name: nginx-config
|
|
||||||
mountPath: "/etc/nginx/conf.d/"
|
- name: zammad
|
||||||
- name: etcletsencrypt
|
image: index.docker.io/zammad/zammad-docker-compose:zammad-{{ .Chart.AppVersion }}
|
||||||
mountPath: "/etc/letsencrypt"
|
# # Wait for 10 minutes to get ready
|
||||||
- name: nextcloud-data
|
# startupProbe:
|
||||||
mountPath: "/var/www/html"
|
# httpGet:
|
||||||
# Is it ready to work?
|
# path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
readinessProbe:
|
# port: fpm
|
||||||
tcpSocket:
|
# failureThreshold: 20
|
||||||
port: 443
|
# periodSeconds: 30
|
||||||
initialDelaySeconds: 5
|
# # Dead if failing for 1 minute
|
||||||
periodSeconds: 10
|
# livenessProbe:
|
||||||
# Is it still working?
|
# httpGet:
|
||||||
livenessProbe:
|
# path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
tcpSocket:
|
# port: fpm
|
||||||
port: 443
|
# failureThreshold: 6
|
||||||
initialDelaySeconds: 15
|
# periodSeconds: 10
|
||||||
periodSeconds: 20
|
# readinessProbe:
|
||||||
- name: nextcloud
|
# httpGet:
|
||||||
image: nextcloud:{{ .Chart.AppVersion }}-fpm-alpine
|
# path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
# Wait for 10 minutes to get ready
|
# port: fpm
|
||||||
startupProbe:
|
# failureThreshold: 3
|
||||||
httpGet:
|
# periodSeconds: 30
|
||||||
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
|
||||||
port: fpm
|
|
||||||
failureThreshold: 20
|
|
||||||
periodSeconds: 30
|
|
||||||
# Dead if failing for 1 minute
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
|
||||||
port: fpm
|
|
||||||
failureThreshold: 6
|
|
||||||
periodSeconds: 10
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
|
||||||
port: fpm
|
|
||||||
failureThreshold: 3
|
|
||||||
periodSeconds: 30
|
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 9000
|
- containerPort: 9000
|
||||||
name: fpm
|
name: fpm
|
||||||
|
@ -124,17 +130,17 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ tpl .Values.identifier . }}-postgres-config
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
key: POSTGRES_DB
|
key: POSTGRES_DB
|
||||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
- name: ZAMMAD_TRUSTED_DOMAINS
|
||||||
value: "{{ tpl .Values.fqdn . }}"
|
value: "{{ tpl .Values.fqdn . }}"
|
||||||
- name: NEXTCLOUD_ADMIN_USER
|
- name: ZAMMAD_ADMIN_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ tpl .Values.identifier . }}-nextcloud
|
name: {{ tpl .Values.identifier . }}-zammad
|
||||||
key: USERNAME
|
key: USERNAME
|
||||||
- name: NEXTCLOUD_ADMIN_PASSWORD
|
- name: ZAMMAD_ADMIN_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ tpl .Values.identifier . }}-nextcloud
|
name: {{ tpl .Values.identifier . }}-zammad
|
||||||
key: PASSWORD
|
key: PASSWORD
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -149,13 +155,13 @@ spec:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: {{ .Release.Name }}-postgres
|
value: {{ .Release.Name }}-postgres
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: nextcloud-data
|
- name: zammad-data
|
||||||
mountPath: "/var/www/html"
|
mountPath: "/var/www/html"
|
||||||
volumes:
|
volumes:
|
||||||
- name: etcletsencrypt
|
- name: etcletsencrypt
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
||||||
- name: nextcloud-data
|
- name: zammad-data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ tpl .Values.identifier . }}-data
|
claimName: {{ tpl .Values.identifier . }}-data
|
||||||
- name: postgres-data
|
- name: postgres-data
|
||||||
|
@ -180,7 +186,7 @@ spec:
|
||||||
- port: 443
|
- port: 443
|
||||||
name: https
|
name: https
|
||||||
selector:
|
selector:
|
||||||
app: {{ .Release.Name }}-nextcloud
|
app: {{ .Release.Name }}-zammad
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
|
@ -226,7 +232,7 @@ spec:
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app: {{ .Release.Name }}-nextcloud
|
app: {{ .Release.Name }}-zammad
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
containers:
|
containers:
|
||||||
|
@ -269,13 +275,13 @@ metadata:
|
||||||
secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
|
secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
|
||||||
stringData:
|
stringData:
|
||||||
POSTGRES_USER: "postgres"
|
POSTGRES_USER: "postgres"
|
||||||
POSTGRES_DB: "nextcloud"
|
POSTGRES_DB: "zammad"
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ tpl .Values.identifier . }}-nextcloud
|
name: {{ tpl .Values.identifier . }}-zammad
|
||||||
annotations:
|
annotations:
|
||||||
secret-generator.v1.mittwald.de/autogenerate: PASSWORD
|
secret-generator.v1.mittwald.de/autogenerate: PASSWORD
|
||||||
stringData:
|
stringData:
|
||||||
USERNAME: "nextcloud"
|
USERNAME: "zammad"
|
||||||
|
|
23
apps/zammad/.helmignore
Normal file
23
apps/zammad/.helmignore
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
8
apps/zammad/Chart.yaml
Normal file
8
apps/zammad/Chart.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: v2
|
||||||
|
name: ungleich-zammad
|
||||||
|
description: ungleich managed zammad
|
||||||
|
|
||||||
|
type: application
|
||||||
|
|
||||||
|
version: 0.1.0
|
||||||
|
appVersion: "5.0.0-2"
|
150
apps/zammad/nginx/default.conf
Normal file
150
apps/zammad/nginx/default.conf
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
upstream php-handler {
|
||||||
|
server localhost:9000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name {{ tpl .Values.fqdn . }};
|
||||||
|
|
||||||
|
# Use Mozilla's guidelines for SSL/TLS settings
|
||||||
|
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
|
||||||
|
|
||||||
|
# Increase timeouts -- mainly for initial setup
|
||||||
|
proxy_read_timeout 300;
|
||||||
|
proxy_send_timeout 300;
|
||||||
|
proxy_connect_timeout 300;
|
||||||
|
|
||||||
|
# HSTS settings
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||||
|
|
||||||
|
# set max upload size
|
||||||
|
client_max_body_size 512M;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||||
|
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Download-Options "noopen" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "none" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|
||||||
|
# Remove X-Powered-By, which is an information leak
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
|
||||||
|
# Path to the root of your installation
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
|
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||||
|
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||||
|
# when a client requests a path that corresponds to a directory that exists
|
||||||
|
# on the server. In particular, if that directory contains an index.php file,
|
||||||
|
# that file is correctly served; if it doesn't, then the request is passed to
|
||||||
|
# the front-end controller. This consistent behaviour means that we don't need
|
||||||
|
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||||
|
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||||
|
# `try_files $uri $uri/ /index.php$request_uri`
|
||||||
|
# always provides the desired behaviour.
|
||||||
|
index index.php index.html /index.php$request_uri;
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||||
|
location = / {
|
||||||
|
if ( $http_user_agent ~ ^DavClnt ) {
|
||||||
|
return 302 /remote.php/webdav/$is_args$args;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Make a regex exception for `/.well-known` so that clients can still
|
||||||
|
# access it despite the existence of the regex rule
|
||||||
|
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||||
|
# for `/.well-known`.
|
||||||
|
location ^~ /.well-known {
|
||||||
|
# The rules in this block are an adaptation of the rules
|
||||||
|
# in `.htaccess` that concern `/.well-known`.
|
||||||
|
|
||||||
|
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||||
|
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||||
|
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||||
|
|
||||||
|
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||||
|
# requests by passing them to the front-end controller.
|
||||||
|
return 301 /index.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||||
|
|
||||||
|
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||||
|
# which handle static assets (as seen below). If this block is not declared first,
|
||||||
|
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||||
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
|
location ~ \.php(?:$|/) {
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
|
|
||||||
|
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||||
|
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.woff2?$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess`
|
||||||
|
location /remote {
|
||||||
|
return 301 /remote.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php$request_uri;
|
||||||
|
}
|
||||||
|
}
|
281
apps/zammad/templates/deployment.yaml
Normal file
281
apps/zammad/templates/deployment.yaml
Normal file
|
@ -0,0 +1,281 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-postgres
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ .Release.Name }}-postgres
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ .Release.Name }}-postgres
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: postgres
|
||||||
|
image: postgres:13
|
||||||
|
ports:
|
||||||
|
- containerPort: 5432
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
|
|
||||||
|
volumeMounts:
|
||||||
|
- name: postgres-data
|
||||||
|
mountPath: "/var/lib/postgresql/data"
|
||||||
|
subPath: postgres
|
||||||
|
volumes:
|
||||||
|
- name: postgres-data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ tpl .Values.identifier . }}-postgres-data
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-postgres
|
||||||
|
labels:
|
||||||
|
app: {{ .Release.Name }}-postgres
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 5432
|
||||||
|
name: postgres
|
||||||
|
selector:
|
||||||
|
app: {{ .Release.Name }}-postgres
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-nextcloud
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ .Release.Name }}-nextcloud
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ .Release.Name }}-nextcloud
|
||||||
|
spec:
|
||||||
|
initContainers:
|
||||||
|
- name: wait-for-cert
|
||||||
|
image: busybox
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
|
||||||
|
volumeMounts:
|
||||||
|
- name: etcletsencrypt
|
||||||
|
mountPath: "/etc/letsencrypt"
|
||||||
|
containers:
|
||||||
|
- name: nginx
|
||||||
|
image: nginx:1.21-alpine
|
||||||
|
ports:
|
||||||
|
- containerPort: 443
|
||||||
|
volumeMounts:
|
||||||
|
- name: nginx-config
|
||||||
|
mountPath: "/etc/nginx/conf.d/"
|
||||||
|
- name: etcletsencrypt
|
||||||
|
mountPath: "/etc/letsencrypt"
|
||||||
|
- name: nextcloud-data
|
||||||
|
mountPath: "/var/www/html"
|
||||||
|
# Is it ready to work?
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 443
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 10
|
||||||
|
# Is it still working?
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 443
|
||||||
|
initialDelaySeconds: 15
|
||||||
|
periodSeconds: 20
|
||||||
|
- name: nextcloud
|
||||||
|
image: nextcloud:{{ .Chart.AppVersion }}-fpm-alpine
|
||||||
|
# Wait for 10 minutes to get ready
|
||||||
|
startupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
|
port: fpm
|
||||||
|
failureThreshold: 20
|
||||||
|
periodSeconds: 30
|
||||||
|
# Dead if failing for 1 minute
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
|
port: fpm
|
||||||
|
failureThreshold: 6
|
||||||
|
periodSeconds: 10
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ocs/v2.php/apps/serverinfo/api/v1/info
|
||||||
|
port: fpm
|
||||||
|
failureThreshold: 3
|
||||||
|
periodSeconds: 30
|
||||||
|
ports:
|
||||||
|
- containerPort: 9000
|
||||||
|
name: fpm
|
||||||
|
env:
|
||||||
|
- name: POSTGRES_DB
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
|
key: POSTGRES_DB
|
||||||
|
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||||
|
value: "{{ tpl .Values.fqdn . }}"
|
||||||
|
- name: NEXTCLOUD_ADMIN_USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-nextcloud
|
||||||
|
key: USERNAME
|
||||||
|
- name: NEXTCLOUD_ADMIN_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-nextcloud
|
||||||
|
key: PASSWORD
|
||||||
|
- name: POSTGRES_USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
|
key: POSTGRES_USER
|
||||||
|
- name: POSTGRES_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
|
key: POSTGRES_PASSWORD
|
||||||
|
- name: POSTGRES_HOST
|
||||||
|
value: {{ .Release.Name }}-postgres
|
||||||
|
volumeMounts:
|
||||||
|
- name: nextcloud-data
|
||||||
|
mountPath: "/var/www/html"
|
||||||
|
volumes:
|
||||||
|
- name: etcletsencrypt
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
||||||
|
- name: nextcloud-data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ tpl .Values.identifier . }}-data
|
||||||
|
- name: postgres-data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ tpl .Values.identifier . }}-postgres-data
|
||||||
|
- name: nginx-config
|
||||||
|
configMap:
|
||||||
|
name: {{ tpl .Values.identifier . }}-nginx-config
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}
|
||||||
|
labels:
|
||||||
|
app: {{ tpl .Values.identifier . }}
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
# Required for letsencrypt
|
||||||
|
- port: 80
|
||||||
|
name: http
|
||||||
|
- port: 443
|
||||||
|
name: https
|
||||||
|
selector:
|
||||||
|
app: {{ .Release.Name }}-nextcloud
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 50Mi
|
||||||
|
storageClassName: rook-cephfs
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-data
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.datasizeingb }}Gi
|
||||||
|
storageClassName: rook-cephfs
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-data
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.dbsizeingb }}Gi
|
||||||
|
storageClassName: rook-ceph-block
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-getcert
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ .Release.Name }}-nextcloud
|
||||||
|
spec:
|
||||||
|
restartPolicy: Never
|
||||||
|
containers:
|
||||||
|
- name: certbot
|
||||||
|
image: ungleich/ungleich-certbot
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
env:
|
||||||
|
- name: ONLYGETCERT
|
||||||
|
value: "yes"
|
||||||
|
- name: DOMAIN
|
||||||
|
value: "{{ tpl .Values.fqdn . }}"
|
||||||
|
- name: EMAIL
|
||||||
|
value: "{{ .Values.email }}"
|
||||||
|
{{ if eq .Values.letsencryptStaging "no" }}
|
||||||
|
- name: STAGING
|
||||||
|
value: "no"
|
||||||
|
{{ end }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: etcletsencrypt
|
||||||
|
mountPath: "/etc/letsencrypt"
|
||||||
|
volumes:
|
||||||
|
- name: etcletsencrypt
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
|
||||||
|
backoffLimit: 3
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-nginx-config
|
||||||
|
data:
|
||||||
|
{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-postgres-config
|
||||||
|
annotations:
|
||||||
|
secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
|
||||||
|
stringData:
|
||||||
|
POSTGRES_USER: "postgres"
|
||||||
|
POSTGRES_DB: "nextcloud"
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ tpl .Values.identifier . }}-nextcloud
|
||||||
|
annotations:
|
||||||
|
secret-generator.v1.mittwald.de/autogenerate: PASSWORD
|
||||||
|
stringData:
|
||||||
|
USERNAME: "nextcloud"
|
13
apps/zammad/templates/tests/test-connection.yaml
Normal file
13
apps/zammad/templates/tests/test-connection.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "{{ tpl .Values.identifier . }}-test-connection"
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": test
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wget
|
||||||
|
image: busybox
|
||||||
|
command: ['wget']
|
||||||
|
args: ['https://{{ tpl .Values.fqdn . }}']
|
||||||
|
restartPolicy: Never
|
11
apps/zammad/values.yaml
Normal file
11
apps/zammad/values.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
clusterDomain: c2.k8s.ooo
|
||||||
|
email: technik@ungleich.ch
|
||||||
|
letsencryptStaging: "yes"
|
||||||
|
|
||||||
|
# This is how the service and the data volumes are named - i.e. the
|
||||||
|
# persistent thing
|
||||||
|
identifier: "{{ .Release.Name }}"
|
||||||
|
fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
|
||||||
|
|
||||||
|
datasizeingb: 1
|
||||||
|
dbsizeingb: 0.5
|
Loading…
Reference in a new issue