Refactor Nextcloud configuration: update environment variable keys, enhance Ingress annotations, and add database initialization job with kustomization support.
This commit is contained in:
@@ -11,14 +11,14 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: nextcloud
|
||||
image: nextcloud:25.0.3-apache
|
||||
image: nextcloud:REPLACEME
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: NEXTCLOUD_URL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: config
|
||||
key: DOMAIN_URL
|
||||
key: NEXTCLOUD_DOMAIN_URL
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
||||
@@ -26,7 +26,7 @@ spec:
|
||||
protocol: TCP
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: nextcloud-secrets
|
||||
name: secrets
|
||||
- configMapRef:
|
||||
name: config
|
||||
- secretRef:
|
||||
@@ -41,28 +41,28 @@ spec:
|
||||
- name: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: DOMAIN
|
||||
key: NEXTCLOUD_TRUSTED_DOMAINS
|
||||
name: config
|
||||
- name: NEXTCLOUD_DATA_DIR
|
||||
value: /mnt/data
|
||||
- name: TRUSTED_PROXIES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: DOMAIN
|
||||
key: NEXTCLOUD_DOMAIN
|
||||
name: config
|
||||
- name: APACHE_DISABLE_REWRITE_IP
|
||||
value: "1"
|
||||
- name: OVERWRITEHOST
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: DOMAIN
|
||||
key: NEXTCLOUD_DOMAIN
|
||||
name: config
|
||||
- name: OVERWRITEPROTOCOL
|
||||
value: https
|
||||
- name: OVERWRITECLIURL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: DOMAIN_URL
|
||||
key: NEXTCLOUD_DOMAIN_URL
|
||||
name: config
|
||||
- name: OVERWRITEWEBROOT
|
||||
value: "/"
|
||||
|
||||
@@ -14,12 +14,19 @@ spec:
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: nextcloud-redirects
|
||||
name: nextcloud-redirects-scheme
|
||||
namespace: nextcloud
|
||||
spec:
|
||||
redirectScheme:
|
||||
permanent: true
|
||||
scheme: https
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: nextcloud-redirects-regex
|
||||
namespace: nextcloud
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: https://(.*)/.well-known/(card|cal)dav
|
||||
replacement: https://$1/remote.php/dav/
|
||||
|
||||
@@ -4,7 +4,9 @@ kind: Ingress
|
||||
metadata:
|
||||
name: nextcloud-public
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: nextcloud-headers@kubernetescrd,nextcloud-redirects@kubernetescrd
|
||||
external-dns.alpha.kubernetes.io/target: your.nextcloud.domain
|
||||
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: nextcloud-nextcloud-headers@kubernetescrd,nextcloud-nextcloud-redirects-scheme@kubernetescrd,nextcloud-nextcloud-redirects-regex@kubernetescrd
|
||||
spec:
|
||||
rules:
|
||||
- host: your.nextcloud.domain
|
||||
|
||||
@@ -12,8 +12,8 @@ spec:
|
||||
args:
|
||||
- |
|
||||
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${NEXTCLOUD_DB_HOST} -U postgres <<EOF
|
||||
CREATE DATABASE ${NEXTCLOUD_DB_NAME} WITH OWNER ${NEXTCLOUD_DB_USER};
|
||||
CREATE USER ${NEXTCLOUD_DB_USER} WITH ENCRYPTED PASSWORD '${NEXTCLOUD_DB_PASSWORD}';
|
||||
CREATE DATABASE ${NEXTCLOUD_DB_NAME} WITH OWNER ${NEXTCLOUD_DB_USER};
|
||||
GRANT ALL PRIVILEGES ON DATABASE ${NEXTCLOUD_DB_NAME} TO ${NEXTCLOUD_DB_USER};
|
||||
EOF
|
||||
env:
|
||||
@@ -22,6 +22,11 @@ spec:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: POSTGRES_ADMIN_PASSWORD
|
||||
- name: NEXTCLOUD_DB_HOST
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: config
|
||||
key: NEXTCLOUD_DB_HOST
|
||||
- name: NEXTCLOUD_DB_NAME
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
13
apps/nextcloud/init/kustomization.yaml
Normal file
13
apps/nextcloud/init/kustomization.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: nextcloud
|
||||
resources:
|
||||
- db-init-job.yaml
|
||||
configMapGenerator:
|
||||
- name: config
|
||||
envs:
|
||||
- ../config/config.env
|
||||
secretGenerator:
|
||||
- name: secrets
|
||||
envs:
|
||||
- ../config/secrets.env
|
||||
@@ -25,6 +25,16 @@ secretGenerator:
|
||||
- config/secrets.env
|
||||
|
||||
replacements:
|
||||
- source:
|
||||
kind: ConfigMap
|
||||
name: config
|
||||
fieldPath: data.DOMAIN
|
||||
targets:
|
||||
- select:
|
||||
kind: Ingress
|
||||
name: nextcloud-public
|
||||
fieldPaths:
|
||||
- metadata.annotations.[external-dns.alpha.kubernetes.io/target]
|
||||
- source:
|
||||
kind: ConfigMap
|
||||
name: config
|
||||
@@ -32,7 +42,7 @@ replacements:
|
||||
targets:
|
||||
- select:
|
||||
kind: Ingress
|
||||
name: nextcloud-ingress
|
||||
name: nextcloud-public
|
||||
fieldPaths:
|
||||
- spec.rules.0.host
|
||||
- spec.tls.0.hosts.0
|
||||
@@ -56,3 +66,18 @@ replacements:
|
||||
name: nextcloud-pvc
|
||||
fieldPaths:
|
||||
- spec.resources.requests.storage
|
||||
- source:
|
||||
kind: ConfigMap
|
||||
name: config
|
||||
fieldPath: data.NEXTCLOUD_IMAGE
|
||||
targets:
|
||||
- select:
|
||||
kind: Deployment
|
||||
name: nextcloud
|
||||
fieldPaths:
|
||||
- spec.template.spec.containers.0.image
|
||||
- select:
|
||||
kind: CronJob
|
||||
name: nextcloud-cron
|
||||
fieldPaths:
|
||||
- spec.jobTemplate.spec.template.spec.containers.0.image
|
||||
|
||||
Reference in New Issue
Block a user