From 60df13c2c59411dda6a9736d2d87beaeccb966f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Tue, 18 Jul 2023 10:28:59 +0200 Subject: [PATCH] fix --- .../apps_v1_Deployment_nextcloud.yaml | 5 +- apps/nextcloud/datas.tf | 6 ++ apps/nextcloud/index.yaml | 100 +++++++++--------- apps/nextcloud/middlewares.tf | 15 --- .../v1_ConfigMap_nextcloud-config.yaml | 5 - 5 files changed, 57 insertions(+), 74 deletions(-) delete mode 100644 apps/nextcloud/middlewares.tf diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml index 4e6abf9..3f73507 100644 --- a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml +++ b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: app nextcloud-redis-client: "true" annotations: - nextcloud-config-hash: c9d560d7e6bc215ec96525af2d0fcee94cef91005ec939e0100dc0fa6999d4c4 + nextcloud-config-hash: e6f7218d8e724ad4d0f1d5c4d12b491c1db2f33fb0dd470a9e05cc7d371db965 php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b spec: @@ -101,9 +101,6 @@ spec: - name: nextcloud-config mountPath: /var/www/html/config/.htaccess subPath: .htaccess - - name: nextcloud-config - mountPath: /var/www/html/config/apache-pretty-urls.config.php - subPath: apache-pretty-urls.config.php - name: nextcloud-config mountPath: /var/www/html/config/apcu.config.php subPath: apcu.config.php diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf index efb12ed..fe847d9 100644 --- a/apps/nextcloud/datas.tf +++ b/apps/nextcloud/datas.tf @@ -33,10 +33,16 @@ data "kustomization_overlay" "data" { spec: template: spec: + securityContext: + runAsGroup: 33 + runAsUser: 33 + fsGroup: 33 containers: - name: nextcloud image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}" imagePullPolicy: "${var.images.nextcloud.pullPolicy}" + securityContext: + runAsNonRoot: true env: - name: POSTGRES_HOST value: "${var.instance}-${var.component}" diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index 50af5ef..05a968f 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml @@ -6,11 +6,6 @@ metadata: name: nextcloud description: null options: - domain: - default: your-company - examples: - - your-company - type: string redis: default: exporter: @@ -44,25 +39,6 @@ options: default: 2Gi type: string type: object - storage: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object images: default: exporter: @@ -166,6 +142,31 @@ options: type: string type: object type: object + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + sub-domain: + default: cloud + examples: + - cloud + type: string domain-name: default: your_company.com examples: @@ -191,36 +192,16 @@ options: default: 1 type: integer type: object - issuer: - default: letsencrypt-prod + domain: + default: your-company examples: - - letsencrypt-prod + - your-company type: string ingress-class: default: traefik examples: - traefik type: string - postgres: - default: - replicas: 1 - storage: 5Gi - version: '14' - examples: - - replicas: 1 - storage: 5Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string - type: object admin: default: name: nextcloud_admin @@ -231,11 +212,30 @@ options: default: nextcloud_admin type: string type: object - sub-domain: - default: cloud + issuer: + default: letsencrypt-prod examples: - - cloud + - letsencrypt-prod type: string + storage: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object dependencies: [] providers: kubernetes: true diff --git a/apps/nextcloud/middlewares.tf b/apps/nextcloud/middlewares.tf deleted file mode 100644 index d9b8a1e..0000000 --- a/apps/nextcloud/middlewares.tf +++ /dev/null @@ -1,15 +0,0 @@ -resource "kubectl_manifest" "redirectregex" { - yaml_body = <<-EOF -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: "${var.instance}-redirectregex" - namespace: "${var.namespace}" - labels: ${jsonencode(local.common-labels)} -spec: - redirectRegex: - permanent: true - regex: "https://(.*)/.well-known/(card|cal)dav" - replacement: "https://$${1}/remote.php/dav/" - EOF -} diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml index 61126e6..7bff5f5 100644 --- a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml +++ b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml @@ -43,11 +43,6 @@ data: ), ); } - apache-pretty-urls.config.php: |- - '/', - ); apcu.config.php: |-