vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-12 12:03:32 +02:00
parent 599d175f82
commit 2890064fd4
191 changed files with 893 additions and 1068 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
View File

@@ -1,55 +0,0 @@
# Source: nextcloud/templates/metrics/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud-metrics
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: metrics
template:
metadata:
annotations:
null
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: metrics
spec:
containers:
- name: metrics-exporter
image: "xperimental/nextcloud-exporter:0.6.2"
imagePullPolicy: IfNotPresent
env:
- name: NEXTCLOUD_USERNAME
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-username
- name: NEXTCLOUD_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-password
# NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
- name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local
value: "http://nextcloud.vynil-cloud.svc.cluster.local:80"
- name: NEXTCLOUD_TIMEOUT
value: 5s
- name: NEXTCLOUD_TLS_SKIP_VERIFY
value: "false"
ports:
- name: metrics
containerPort: 9205
securityContext:
runAsUser: 1000
runAsNonRoot: true

185
apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
View File

@@ -1,185 +0,0 @@
# Source: nextcloud/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
template:
metadata:
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
annotations:
nextcloud-config-hash: 389c7a366de1675e1455b824e52d593448eb9f3d376f49a478d2135e037b30a0
php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
spec:
containers:
- name: nextcloud
image: nextcloud:29.0.0-apache
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_HOST
value:
- name: POSTGRES_DB
value: "nextcloud"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: password
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-username
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.kube.home
- name: NEXTCLOUD_UPDATE
value: "1"
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-config
mountPath: /var/www/html/config/locale.config.php
subPath: locale.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/redis.config.php
subPath: redis.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/.htaccess
subPath: .htaccess
- name: nextcloud-config
mountPath: /var/www/html/config/apcu.config.php
subPath: apcu.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/apps.config.php
subPath: apps.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/autoconfig.php
subPath: autoconfig.php
- name: nextcloud-config
mountPath: /var/www/html/config/smtp.config.php
subPath: smtp.config.php
- name: nextcloud-nginx
image: "nginx:alpine"
imagePullPolicy: IfNotPresent
ports:
- name: http
protocol: TCP
containerPort: 80
livenessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "nextcloud.kube.home"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-nginx-config
mountPath: /etc/nginx/conf.d/
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- name: nextcloud-config
configMap:
name: nextcloud-config
- name: nextcloud-nginx-config
configMap:
name: nextcloud-nginxconfig
securityContext:
# Will mount configuration files as www-data (id: 82) for nextcloud
fsGroup: 82
serviceAccountName: nextcloud-serviceaccount

19
apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
View File

@@ -1,19 +0,0 @@
# Source: nextcloud/templates/hpa.yaml
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app
spec:
scaleTargetRef:
kind: Deployment
apiVersion: apps/v1
name: nextcloud
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 60

2
apps/nextcloud/backups.tf
View File

@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:

2
apps/nextcloud/collabora.tf
View File

@@ -1,5 +1,5 @@
locals {
collabora-labels = merge(local.common-labels, {
collabora-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "collabora"
})
}

2
apps/nextcloud/configs.tf
View File

@@ -68,7 +68,7 @@ resource "kubectl_manifest" "nextcloud-config" {
metadata:
name: "${var.component}-${var.instance}-init"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
data: ${jsonencode(local.data-config-init)}
EOF
}

4
apps/nextcloud/datas.tf
View File

@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,7 +21,7 @@ locals {
}, var.storage.volume.class != "" ?{
"storageClassName" = var.storage.volume.class
}:{})
nextcloud-labels = merge(local.common-labels, {
nextcloud-labels = merge(local.common_labels, {
})
}

6
apps/nextcloud/middlewares.tf
View File

@@ -5,7 +5,7 @@ kind: Middleware
metadata:
name: "${var.instance}-redirectdav"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
redirectRegex:
permanent: true
@@ -21,7 +21,7 @@ kind: Middleware
metadata:
name: "${var.instance}-redirectindex"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
redirectRegex:
permanent: false
@@ -37,7 +37,7 @@ kind: Middleware
metadata:
name: "${var.instance}-sslenforce"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
headers:
stsSeconds: 15552000

26
apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
View File

@@ -1,26 +0,0 @@
# Source: nextcloud/templates/metrics/servicemonitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: nextcloud
namespace: "vynil-cloud"
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics
spec:
jobLabel: ""
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: metrics
namespaceSelector:
matchNames:
- "vynil-cloud"
endpoints:
- port: metrics
path: "/"
interval: 30s

2
apps/nextcloud/onlyoffice.tf
View File

@@ -1,5 +1,5 @@
locals {
onlyoffice-labels = merge(local.common-labels, {
onlyoffice-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "onlyoffice"
})
}

2
apps/nextcloud/postgresql.tf
View File

@@ -1,5 +1,5 @@
locals {
pg-labels = merge(local.common-labels, {
pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
}

4
apps/nextcloud/presentation.tf
View File

@@ -20,7 +20,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common-labels
labels = local.common_labels
dns_names = local.dns_names
middlewares = ["${var.instance}-sslenforce", "${var.instance}-redirectdav", "${var.instance}-redirectindex"]
services = [local.service]
@@ -48,7 +48,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
labels = local.common-labels
labels = local.common_labels
dns_name = local.dns_name
redirect_path = "apps/user_oidc/code"
providers = {

14
apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml
View File

@@ -1,14 +0,0 @@
# Source: nextcloud/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nextcloud-privileged
namespace: vynil-cloud
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nextcloud-privileged
subjects:
- kind: ServiceAccount
name: nextcloud-serviceaccount
namespace: vynil-cloud

15
apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml
View File

@@ -1,15 +0,0 @@
# Source: nextcloud/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nextcloud-privileged
namespace: vynil-cloud
rules:
- apiGroups:
- extensions
resourceNames:
- privileged
resources:
- podsecuritypolicies
verbs:
- use

2
apps/nextcloud/redis.tf
View File

@@ -1,5 +1,5 @@
locals {
redis-labels = merge(local.common-labels, {
redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}

2
apps/nextcloud/secret.tf
View File

@@ -7,7 +7,7 @@ resource "kubectl_manifest" "prj_secret" {
metadata:
name: "${var.component}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:

111
apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
View File

@@ -1,111 +0,0 @@
# Source: nextcloud/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-config
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
data:
locale.config.php: |-
<?php
$CONFIG = array (
'default_language' => 'fr',
'default_locale' => 'fr_FR',
'default_phone_region' => 'FR',
'log_type' => 'errorlog',
'loglevel' => 0,
'logdateformat' => 'F d, Y H:i:s',
'trusted_proxies' => array('10.244.0.0/16','2001:cafe:42::1'),
'allow_local_remote_servers' => true,
);
redis.config.php: |-
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'filelocking.enabled' => true,
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}
.htaccess: |-
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>
apcu.config.php: |-
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);
apps.config.php: |-
<?php
$CONFIG = array (
"apps_paths" => array (
0 => array (
"path" => OC::$SERVERROOT."/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => OC::$SERVERROOT."/custom_apps",
"url" => "/custom_apps",
"writable" => true,
),
),
);
autoconfig.php: |-
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}
smtp.config.php: |-
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
}

153
apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
View File

@@ -1,153 +0,0 @@
# Source: nextcloud/templates/nginx-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-nginxconfig
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
data:
default.conf: |-
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 80;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
}
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
try_files $uri $uri/ =404;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

19
apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
View File

@@ -1,19 +0,0 @@
# Source: nextcloud/templates/nextcloud-pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nextcloud-nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app
annotations:
helm.sh/resource-policy: keep
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"

6
apps/nextcloud/v1_ServiceAccount_nextcloud-serviceaccount.yaml
View File

@@ -1,6 +0,0 @@
---
# Source: nextcloud/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nextcloud-serviceaccount

24
apps/nextcloud/v1_Service_nextcloud-metrics.yaml
View File

@@ -1,24 +0,0 @@
# Source: nextcloud/templates/metrics/service.yaml
apiVersion: v1
kind: Service
metadata:
name: nextcloud-metrics
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics
annotations:
prometheus.io/port: "9205"
prometheus.io/scrape: "true"
spec:
type: ClusterIP
ports:
- name: metrics
port: 9205
targetPort: metrics
selector:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: metrics

22
apps/nextcloud/v1_Service_nextcloud.yaml
View File

@@ -1,22 +0,0 @@
# Source: nextcloud/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.6.8
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app