##
# Kubernetes deployment configuration for running Nextcloud on PHP FPM with
# an Nginx reverse proxy.
#
# @author Guy Elsmore-Paddock (guy@inveniem.com)
# @copyright Copyright (c) 2019-2022, Inveniem
# @license GNU AGPL version 3 or any later version
#
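# Deployment: a single pod holding two containers, the PHP-FPM Nextcloud
# backend and an Nginx container in front of it. The two share the Nextcloud
# code through an emptyDir volume. (Nesting rebuilt; the listing had lost its
# indentation and did not parse as a manifest.)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
spec:
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: backend-nextcloud
  template:
    metadata:
      labels:
        app: backend-nextcloud
        role: backend
    spec:
      # NOTE(review): neither the pod nor its containers declare a
      # securityContext, so user, capabilities, privilege escalation and
      # seccomp profile all come from image and runtime defaults. Decide these
      # explicitly (runAsNonRoot, allowPrivilegeEscalation, dropped
      # capabilities) after checking what the image entrypoints need.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # Prevent multiple replicas from being on the same node.
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - backend-nextcloud
              topologyKey: "kubernetes.io/hostname"
      containers:
        # Container: The PHP-FPM-based Nextcloud backend
        #
        # NOTE(review): no probes are declared on this container. Kubernetes
        # restarts only the container whose liveness probe fails, so the
        # probes on the Nginx container below never restart PHP-FPM itself.
        - name: backend-nextcloud-fpm
          # NOTE(review): ":latest" is a mutable tag, so the code that runs is
          # whatever the registry serves at pull time. Pin a version tag or an
          # image digest (here or in a kustomize "images" override) so that
          # rollouts are reproducible and auditable.
          image: "inveniem/nextcloud-fpm:latest"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 1500m
              memory: 1280Mi
          volumeMounts:
            # Writable here; the Nginx container mounts the same volume
            # read-only.
            - name: volume-nextcloud-app
              mountPath: /var/www/html
            - name: volume-php-cache
              mountPath: /mnt/php-file-cache
          env:
            # Non-secret settings come from the "environment" ConfigMap.
            - name: NEXTCLOUD_FILE_LOCKING_ENABLED
              valueFrom:
                configMapKeyRef:
                  name: environment
                  key: enableFileLocking
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              valueFrom:
                configMapKeyRef:
                  name: environment
                  key: trustedDomains
            # NOTE(review): the value lives in the ConfigMap and is not
            # visible here. Keep it as narrow as the ingress controller's
            # addresses: Nextcloud accepts forwarded client-IP headers from
            # these sources, which feeds its logging and login throttling.
            - name: TRUSTED_PROXIES
              valueFrom:
                configMapKeyRef:
                  name: environment
                  key: trustedProxies
            # Credentials are referenced from Secrets rather than written
            # inline.
            # NOTE(review): as environment variables they are still readable
            # by every process in the container and can surface in debug
            # output; file-mounted Secrets are the tighter option if the image
            # supports reading them.
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-admin-creds"
                  key: username
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-admin-creds"
                  key: password
            - name: MYSQL_HOST
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-mysql-creds"
                  key: hostname
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-mysql-creds"
                  key: database
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-mysql-creds"
                  key: username
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-mysql-creds"
                  key: password
            - name: REDIS_HOST
              value: "internal-redis"
            - name: REDIS_PORT
              value: "6379"
            - name: REDIS_KEY
              valueFrom:
                secretKeyRef:
                  name: "nextcloud-redis-creds"
                  key: password
        # Container: Nginx Server Middleware
        - name: middle-nextcloud-nginx
          # NOTE(review): mutable ":latest" tag, same concern as the FPM image
          # above; pin a version or digest.
          image: "inveniem/nextcloud-nginx-middleware:latest"
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 250m
              memory: 128Mi
          volumeMounts:
            - name: volume-nextcloud-app
              mountPath: /var/www/html
              readOnly: true
          startupProbe:
            # After pod creation, allow Nextcloud to take up to 10 minutes
            # (5 seconds x 120 attempts) before concluding the container
            # has failed, to allow for automated updates at launch.
            periodSeconds: 5
            failureThreshold: 120
            httpGet:
              path: "/status.php"
              port: 80
              httpHeaders:
                - name: "Host"
                  # This host gets overwritten by
                  # components/ingress-dns/kustomization.yaml
                  value: "nextcloud.local"
          # This probe kicks in after startup, according to the docs:
          # "Once the startup probe has succeeded once, the liveness probe takes
          # over to provide a fast response to container deadlocks."
          #
          # From:
          # https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
          livenessProbe:
            periodSeconds: 15
            timeoutSeconds: 10
            # Restart container after it is down for 5 minutes (15 seconds x
            # 20 attempts). The readiness probe below should stop it from
            # receiving traffic sooner than that: it needs 3 failures at a
            # 5-second period, so roughly 15 seconds after the container
            # becomes unresponsive.
            failureThreshold: 20
            successThreshold: 1
            httpGet:
              path: "/status.php"
              port: 80
              httpHeaders:
                - name: "Host"
                  # This host gets overwritten by
                  # components/ingress-dns/kustomization.yaml
                  value: "nextcloud.local"
          readinessProbe:
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
            # Ensure stability across two checks before continuing to route
            # traffic, so we don't sawtooth during heavy request load between
            # being available-unavailable-available-unavailable.
            successThreshold: 2
            httpGet:
              # This path should work both before and after installation.
              # In local testing, Nextcloud serves up the installer regardless
              # of which URL is provided.
              path: "/index.php/login?direct=1"
              port: 80
              httpHeaders:
                - name: "Host"
                  # This host gets overwritten by
                  # components/ingress-dns/kustomization.yaml
                  value: "nextcloud.local"
      volumes:
        # NOTE(review): neither emptyDir sets a sizeLimit and the containers
        # declare no ephemeral-storage limit, so growth of these volumes is
        # bounded only by the node's disk.
        #
        # Ephemeral volume that contains the loaded Nextcloud software,
        # shared between the Nextcloud PHP-FPM and Nginx containers within the
        # same pod
        - name: volume-nextcloud-app
          emptyDir: {}
        # Ephemeral volume for on-disk PHP opcode cache
        - name: volume-php-cache
          emptyDir: {}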
---
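# Service: cluster-internal entry point for the Nextcloud pod. (Nesting
# rebuilt; the listing had lost its indentation.)
apiVersion: v1
kind: Service
metadata:
  name: internal-nextcloud
  labels:
    role: internal-service
spec:
  # ClusterIP keeps the Service off node ports and external load balancers;
  # outside traffic reaches it only through the Ingress in this file.
  # NOTE(review): no NetworkPolicy is visible here, so other workloads in the
  # cluster can presumably reach this port directly over plain HTTP, bypassing
  # the ingress controller. Confirm whether a policy restricts that.
  type: ClusterIP
  ports:
    # No targetPort is given, so it defaults to the same value (80), which is
    # the containerPort of the Nginx container in the Deployment.
    - port: 80
  selector:
    app: backend-nextcloud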
---
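# Ingress: public HTTPS entry point. TLS is terminated at the ingress-nginx
# controller with a cert-manager certificate, and requests are forwarded to
# the internal-nextcloud Service on port 80. (Nesting rebuilt; the listing had
# lost its indentation.)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-nextcloud-ingress
  labels:
    owning-app: "nextcloud"
  annotations:
    # "cert-manager.io/issuer" names an Issuer in this Ingress's namespace
    # (as opposed to a ClusterIssuer).
    cert-manager.io/issuer: letsencrypt-production
    # NOTE(review): combined with the single "/" path below, confirm how the
    # deployed ingress-nginx version applies this rewrite. On releases that
    # treat rewrite-target as a regex substitution, a target without capture
    # groups can collapse every request path to "/".
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Timeouts are in seconds: 60 to connect, 30 minutes to send or read.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    # NOTE(review): request bodies of up to 10 GB and 30-minute transfers are
    # accepted for every request on this host, before Nextcloud has checked
    # the caller. Size the controller's disk and connection limits for that,
    # or lower the values if such uploads are not required.
    nginx.ingress.kubernetes.io/proxy-body-size: "10g"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        # This host gets overwritten by components/ingress-dns/kustomization.yaml
        - "nextcloud.local"
      # Secret that holds the certificate and key for the host above.
      secretName: nextcloud-tls-certificate
  rules:
    # This host gets overwritten by components/ingress-dns/kustomization.yaml
    - host: "nextcloud.local"
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: internal-nextcloud
                port:
                  number: 80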