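---
# PostgreSQL backend for Nextcloud: one replica whose data directory lives on
# the postgres-data PersistentVolumeClaim declared further down in this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}-postgres"
spec:
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-postgres"
  replicas: 1
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-postgres"
    spec:
      # NOTE(review): no securityContext or resource requests/limits are set
      # on any container in this file; add them once the images' needs are
      # confirmed.
      containers:
        - name: postgres
          # NOTE(review): floating tag; pin to a digest for reproducible pulls.
          image: postgres:13
          ports:
            - containerPort: 5432
          # Every key of the Secret becomes an environment variable.
          envFrom:
            - secretRef:
                name: "{{ tpl .Values.identifier . }}-postgres-config"
          volumeMounts:
            - name: postgres-data
              mountPath: "/var/lib/postgresql/data"
              subPath: postgres
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-postgres-data"
---
# Cluster-internal endpoint for the database. It is not exposed outside the
# cluster, but any pod that can route to the ClusterIP can reach 5432 unless a
# NetworkPolicy restricts it.
apiVersion: v1
kind: Service
metadata:
  name: "{{ .Release.Name }}-postgres"
  labels:
    app: "{{ .Release.Name }}-postgres"
spec:
  type: ClusterIP
  ports:
    - port: 5432
      name: postgres
  selector:
    app: "{{ .Release.Name }}-postgres"
---
# Nextcloud pod: nginx terminates TLS on 443 and shares the web root with the
# php-fpm container. An init container blocks until the certificate exists.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}-nextcloud"
spec:
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-nextcloud"
  replicas: 1
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-nextcloud"
    spec:
      initContainers:
        - name: wait-for-cert
          # NOTE(review): no tag, so this resolves to "latest"; pin a version
          # or digest.
          image: busybox
          # The fqdn value is expanded into a shell command line, so it must
          # be a plain hostname without shell metacharacters.
          command:
            - sh
            - -c
            - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      containers:
        - name: nginx
          image: nginx:1.21-alpine
          ports:
            - containerPort: 443
          volumeMounts:
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d/"
            # NOTE(review): the certificate volume is mounted read-write
            # although nginx presumably only reads it; consider readOnly.
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
            - name: nextcloud-data
              mountPath: "/var/www/html"
          # Is it ready to work?
          readinessProbe:
            tcpSocket:
              port: 443
            initialDelaySeconds: 5
            periodSeconds: 10
          # Is it still working?
          livenessProbe:
            tcpSocket:
              port: 443
            initialDelaySeconds: 15
            periodSeconds: 20
        - name: nextcloud
          image: "nextcloud:{{ .Chart.AppVersion }}-fpm-alpine"
          # NOTE(review): the probes below send plain HTTP to the "fpm" port
          # (9000), the php-fpm listener. Confirm that it answers HTTP there;
          # otherwise probe through nginx or switch to tcpSocket.
          # Wait for 10 minutes to get ready (20 failures x 30 s)
          startupProbe:
            httpGet:
              path: /ocs/v2.php/apps/serverinfo/api/v1/info
              port: fpm
            failureThreshold: 20
            periodSeconds: 30
          # Dead if failing for 1 minute (6 failures x 10 s)
          livenessProbe:
            httpGet:
              path: /ocs/v2.php/apps/serverinfo/api/v1/info
              port: fpm
            failureThreshold: 6
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ocs/v2.php/apps/serverinfo/api/v1/info
              port: fpm
            failureThreshold: 3
            periodSeconds: 30
          ports:
            - containerPort: 9000
              name: fpm
          # Credentials are taken from Secrets by key, never inlined here.
          env:
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-config"
                  key: POSTGRES_DB
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: "{{ tpl .Values.fqdn . }}"
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-nextcloud"
                  key: USERNAME
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-nextcloud"
                  key: PASSWORD
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-config"
                  key: POSTGRES_USER
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-config"
                  key: POSTGRES_PASSWORD
            - name: POSTGRES_HOST
              value: "{{ .Release.Name }}-postgres"
          volumeMounts:
            - name: nextcloud-data
              mountPath: "/var/www/html"
      # The postgres data claim is deliberately not listed here: no container
      # in this pod mounts it, and it is a ReadWriteOnce block volume owned by
      # the postgres pod. Declaring it would attach the database disk to the
      # web pod and can block scheduling when the two pods land on different
      # nodes.
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-data"
        - name: nginx-config
          configMap:
            name: "{{ tpl .Values.identifier . }}-nginx-config"
---
# Front-end Service. Its selector matches the Nextcloud pods and also the
# getcert Job pod below, which carries the same "app" label.
apiVersion: v1
kind: Service
metadata:
  name: "{{ tpl .Values.identifier . }}"
  labels:
    app: "{{ tpl .Values.identifier . }}"
spec:
  type: ClusterIP
  ports:
    # Required for letsencrypt
    - port: 80
      name: http
    - port: 443
      name: https
  selector:
    app: "{{ .Release.Name }}-nextcloud"
---
# Certificate store shared between the certbot Job and the Nextcloud pod.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Mi
  storageClassName: rook-cephfs
---
# Nextcloud web root and user data, shared by nginx and php-fpm.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-data"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: "{{ .Values.datasizeingb }}Gi"
  storageClassName: rook-cephfs
---
# Database volume: ReadWriteOnce block storage, used by the postgres pod only.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-postgres-data"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: "{{ .Values.dbsizeingb }}Gi"
  storageClassName: rook-ceph-block
---
# One-shot Job that obtains the TLS certificate and writes it to the shared
# letsencrypt volume. It reuses the Nextcloud "app" label, presumably so the
# front-end Service routes port 80 to it during the challenge; verify.
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ tpl .Values.identifier . }}-getcert"
spec:
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-nextcloud"
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): no tag, so this resolves to "latest". This image
          # writes the TLS private key; pin a version or digest.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            - name: ONLYGETCERT
              value: "yes"
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: EMAIL
              value: "{{ .Values.email }}"
            {{ if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{ end }}
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
  backoffLimit: 3
---
# nginx configuration: each file under nginx/ in the chart becomes one key,
# rendered through tpl so the files may contain template expressions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ tpl .Values.identifier . }}-nginx-config"
data:
{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
---
# Database credentials. POSTGRES_PASSWORD is not set here; the annotation
# asks the mittwald secret generator to fill it in, so that controller
# presumably has to be running in the cluster. Pods referencing the key will
# not start until it exists.
apiVersion: v1
kind: Secret
metadata:
  name: "{{ tpl .Values.identifier . }}-postgres-config"
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
stringData:
  POSTGRES_USER: "postgres"
  POSTGRES_DB: "nextcloud"
---
# Nextcloud admin account. PASSWORD is generated the same way as the database
# password above; only the user name is fixed in the chart.
apiVersion: v1
kind: Secret
metadata:
  name: "{{ tpl .Values.identifier . }}-nextcloud"
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: PASSWORD
stringData:
  USERNAME: "nextcloud"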