diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 68e4da7a..32025a10 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -2,8 +2,8 @@ name: Update Helm Chart on: workflow_dispatch: - # schedule: - # - cron: '00 12 * * *' + schedule: + - cron: '00 12 * * *' jobs: psalm: @@ -14,7 +14,12 @@ jobs: uses: actions/checkout@v3 - name: update helm chart run: | - sudo bash helm-chart/update-helm.sh + DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)" + DOCKER_TAG="${DOCKER_TAG%%latest*}" + export DOCKER_TAG + if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then + sudo bash helm-chart/update-helm.sh "$DOCKER_TAG" + fi - name: Create Pull Request uses: peter-evans/create-pull-request@v4 with: @@ -25,4 +30,4 @@ jobs: labels: dependencies milestone: next branch: aio-helm-update - github_token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml new file mode 100755 index 00000000..916f866d --- /dev/null +++ b/helm-chart/Chart.yaml @@ -0,0 +1,8 @@ +name: Nextcloud AIO Helm Chart +description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose +version: 4.1.0 +apiVersion: v1 +keywords: + - latest +sources: https://github.com/nextcloud/all-in-one/tree/main/helm-chart +home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart diff --git a/helm-chart/readme.md b/helm-chart/readme.md new file mode 100755 index 00000000..b2f5c89d --- /dev/null +++ b/helm-chart/readme.md @@ -0,0 +1,3 @@ +# You can also install the AIO containers on Kubernetes using this Helm Chart + +This is currently beta and not ready yet. 
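Review bot: The tag fetched from the Docker Hub API in the `update helm chart` step is used without validation: it is handed to `sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"`, interpolated into a `sed` replacement there, and treated as a regex by `grep -q "$DOCKER_TAG"`. `grep '^20'` constrains only the first two characters, so the step should reject anything outside the expected shape before use, for example `[[ "$DOCKER_TAG" =~ ^[0-9]{8}_[0-9]{6}-$ ]] || exit 1` (pattern inferred from the `20221229_091124-` prefix in the templates), and match literally with `grep -qF -- "$DOCKER_TAG"`. The `curl` call also has no `-f`, and a failure inside the pipeline is not propagated. A failed registry request therefore yields an empty tag and the job silently does nothing, which matters more now that the schedule is enabled.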
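Review bot: In `helm-chart/Chart.yaml`, `sources:` is written as a single scalar, but Helm's chart metadata defines `sources` as a list of URLs, so this is likely to fail metadata parsing in `helm lint` or `helm install`. Writing it like the `keywords:` entry above it, i.e. `sources:` followed by `  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart`, avoids that. A short comment that `update-helm.sh` rewrites `version:` on every run would also help the next maintainer.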
diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml new file mode 100755 index 00000000..6b23459a --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-apache + name: nextcloud-aio-apache +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-apache + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-apache + spec: + containers: + - env: + - name: APACHE_MAX_SIZE + value: "{{ .Values.APACHE_MAX_SIZE }}" + - name: APACHE_MAX_TIME + value: "{{ .Values.NEXTCLOUD_MAX_TIME }}" + - name: APACHE_PORT + value: "{{ .Values.APACHE_PORT }}" + - name: COLLABORA_HOST + value: nextcloud-aio-collabora + - name: NC_DOMAIN + value: "{{ .Values.NC_DOMAIN }}" + - name: NEXTCLOUD_HOST + value: nextcloud-aio-nextcloud + - name: ONLYOFFICE_HOST + value: nextcloud-aio-onlyoffice + - name: TALK_HOST + value: nextcloud-aio-talk + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-apache:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-apache + ports: + - containerPort: {{ .Values.APACHE_PORT }} + volumeMounts: + - mountPath: /var/www/html + name: nextcloud-aio-nextcloud + readOnly: true + - mountPath: /mnt/data + name: nextcloud-aio-apache + volumes: + - name: nextcloud-aio-nextcloud + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud + readOnly: true + - name: nextcloud-aio-apache + persistentVolumeClaim: + claimName: nextcloud-aio-apache 
diff --git a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml new file mode 100755 index 00000000..fc6d1b65 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-apache + name: nextcloud-aio-apache +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-apache-service.yaml b/helm-chart/templates/nextcloud-aio-apache-service.yaml new file mode 100755 index 00000000..22ed8269 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-apache-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-apache + name: nextcloud-aio-apache +spec: + ports: + - name: "{{ .Values.APACHE_PORT }}" + port: {{ .Values.APACHE_PORT }} + targetPort: {{ .Values.APACHE_PORT }} + selector: + io.kompose.service: nextcloud-aio-apache +status: + loadBalancer: {} diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml new file mode 100755 index 00000000..7de199da --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml 
@@ -0,0 +1,40 @@ +{{- if eq .Values.CLAMAV_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-clamav + name: nextcloud-aio-clamav +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-clamav + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-clamav + spec: + containers: + - env: + - name: CLAMD_STARTUP_TIMEOUT + value: "90" + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-clamav:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-clamav + volumeMounts: + - mountPath: /var/lib/clamav + name: nextcloud-aio-clamav + volumes: + - name: nextcloud-aio-clamav + persistentVolumeClaim: + claimName: nextcloud-aio-clamav +{{- end }} diff --git a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml new file mode 100755 index 00000000..776901fb --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-clamav + name: nextcloud-aio-clamav +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml new file mode 100755 index 00000000..2f83b739 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml 
@@ -0,0 +1,44 @@ +{{- if eq .Values.COLLABORA_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-collabora + name: nextcloud-aio-collabora +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-collabora + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-collabora + spec: + containers: + - env: + - name: TZ + value: "{{ .Values.TIMEZONE }}" + - name: aliasgroup1 + value: https://{{ .Values.NC_DOMAIN }}:443 + - name: dictionaries + value: "{{ .Values.COLLABORA_DICTIONARIES }}" + - name: extra_params + value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json + image: nextcloud/aio-collabora:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-collabora + volumeMounts: + - mountPath: /opt/cool/systemplate/tmpfonts + name: nextcloud-aio-collabora-fonts + volumes: + - name: nextcloud-aio-collabora-fonts + persistentVolumeClaim: + claimName: nextcloud-aio-collabora-fonts +{{- end }} diff --git a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml new file mode 100755 index 00000000..099998a4 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-collabora-fonts + name: nextcloud-aio-collabora-fonts +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml new file mode 100755 index 00000000..b5bae70e --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-database + name: nextcloud-aio-database +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-database + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-database + spec: + containers: + - env: + - name: PGTZ + value: "{{ .Values.TIMEZONE }}" + - name: POSTGRES_DB + value: nextcloud_database + - name: POSTGRES_PASSWORD + value: "{{ .Values.DATABASE_PASSWORD }}" + - name: POSTGRES_USER + value: nextcloud + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-postgresql:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-database + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: nextcloud-aio-database + - mountPath: /mnt/data + name: nextcloud-aio-database-dump + terminationGracePeriodSeconds: 1800 + volumes: + - name: nextcloud-aio-database + persistentVolumeClaim: + claimName: nextcloud-aio-database + - name: nextcloud-aio-database-dump + persistentVolumeClaim: + claimName: nextcloud-aio-database-dump 
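Review bot: `POSTGRES_PASSWORD` is rendered as a literal `value: "{{ .Values.DATABASE_PASSWORD }}"` in the pod spec, so the password is readable by anyone with read access to Deployments or Pods in the namespace, which is usually a much wider group than those allowed to read Secrets. The same pattern appears in the nextcloud deployment (`ADMIN_PASSWORD`, `POSTGRES_PASSWORD`, `REDIS_HOST_PASSWORD`, `ONLYOFFICE_SECRET`, `SIGNALING_SECRET`, `TURN_SECRET`), the onlyoffice deployment (`JWT_SECRET`), the redis deployment and the talk deployment. Because these templates are generated, the change belongs in the post-processing of `helm-chart/update-helm.sh`: have the chart create a `Secret` from these values and reference each one with `valueFrom: secretKeyRef:` instead of `value:`.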
diff --git a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml new file mode 100755 index 00000000..5b5d61b2 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-database-dump + name: nextcloud-aio-database-dump +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml new file mode 100755 index 00000000..71a78ad6 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-database + name: nextcloud-aio-database +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml new file mode 100755 index 00000000..ec2ecbce --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-elasticsearch + name: nextcloud-aio-elasticsearch +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml new file mode 100755 index 00000000..33408159 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -0,0 +1,42 @@ +{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-fulltextsearch + name: nextcloud-aio-fulltextsearch +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-fulltextsearch + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-fulltextsearch + spec: + containers: + - env: + - name: ES_JAVA_OPTS + value: -Xms1024M -Xmx1024M + - name: TZ + value: "{{ .Values.TIMEZONE }}" + - name: discovery.type + value: single-node + image: nextcloud/aio-fulltextsearch:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-fulltextsearch + volumeMounts: + - mountPath: /usr/share/elasticsearch/data + name: nextcloud-aio-elasticsearch + volumes: + - name: nextcloud-aio-elasticsearch + persistentVolumeClaim: + claimName: nextcloud-aio-elasticsearch +{{- end }} diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml new file mode 100755 index 00000000..e6b90ac7 
--- /dev/null +++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -0,0 +1,31 @@ +{{- if eq .Values.IMAGINARY_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-imaginary + name: nextcloud-aio-imaginary +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-imaginary + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-imaginary + spec: + containers: + - env: + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-imaginary:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-imaginary +{{- end }} diff --git a/helm-chart/templates/nextcloud-aio-networkpolicy.yaml b/helm-chart/templates/nextcloud-aio-networkpolicy.yaml new file mode 100755 index 00000000..6f63b3c0 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-networkpolicy.yaml @@ -0,0 +1,13 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: nextcloud-aio +spec: + ingress: + - from: + - podSelector: + matchLabels: + io.kompose.network/nextcloud-aio: "true" + podSelector: + matchLabels: + io.kompose.network/nextcloud-aio: "true" diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml new file mode 100755 index 00000000..a3e65b4f --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-nextcloud-data + name: nextcloud-aio-nextcloud-data +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml new file mode 100755 index 00000000..72483cfe --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml 
@@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-nextcloud + name: nextcloud-aio-nextcloud +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-nextcloud + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-nextcloud + spec: + containers: + - env: + - name: ADDITIONAL_APKS + value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}" + - name: ADDITIONAL_PHP_EXTENSIONS + value: "{{ .Values.NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS }}" + - name: ADMIN_PASSWORD + value: "{{ .Values.NEXTCLOUD_PASSWORD }}" + - name: ADMIN_USER + value: admin + - name: AIO_TOKEN + value: "{{ .Values.AIO_TOKEN }}" + - name: AIO_URL + value: "{{ .Values.AIO_URL }}" + - name: CLAMAV_ENABLED + value: "{{ .Values.CLAMAV_ENABLED }}" + - name: CLAMAV_HOST + value: nextcloud-aio-clamav + - name: COLLABORA_ENABLED + value: "{{ .Values.COLLABORA_ENABLED }}" + - name: COLLABORA_HOST + value: nextcloud-aio-collabora + - name: FULLTEXTSEARCH_ENABLED + value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}" + - name: FULLTEXTSEARCH_HOST + value: nextcloud-aio-fulltextsearch + - name: IMAGINARY_ENABLED + value: "{{ .Values.IMAGINARY_ENABLED }}" + - name: IMAGINARY_HOST + value: nextcloud-aio-imaginary + - name: NC_DOMAIN + value: "{{ .Values.NC_DOMAIN }}" + - name: NEXTCLOUD_DATA_DIR + value: /mnt/ncdata + - name: NEXTCLOUD_MOUNT + value: "{{ .Values.NEXTCLOUD_MOUNT }}" + - name: ONLYOFFICE_ENABLED + value: "{{ .Values.ONLYOFFICE_ENABLED }}" + - name: ONLYOFFICE_HOST + value: nextcloud-aio-onlyoffice + - name: ONLYOFFICE_SECRET + value: "{{ .Values.ONLYOFFICE_SECRET }}" + - name: OVERWRITEHOST + value: "{{ .Values.NC_DOMAIN }}" + - name: OVERWRITEPROTOCOL + value: https + - 
name: PHP_MAX_TIME + value: "{{ .Values.NEXTCLOUD_MAX_TIME }}" + - name: PHP_MEMORY_LIMIT + value: "{{ .Values.NEXTCLOUD_MEMORY_LIMIT }}" + - name: PHP_UPLOAD_LIMIT + value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" + - name: POSTGRES_DB + value: nextcloud_database + - name: POSTGRES_HOST + value: nextcloud-aio-database + - name: POSTGRES_PASSWORD + value: "{{ .Values.DATABASE_PASSWORD }}" + - name: POSTGRES_USER + value: nextcloud + - name: REDIS_HOST + value: nextcloud-aio-redis + - name: REDIS_HOST_PASSWORD + value: "{{ .Values.REDIS_PASSWORD }}" + - name: SIGNALING_SECRET + value: "{{ .Values.SIGNALING_SECRET }}" + - name: STARTUP_APPS + value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}" + - name: TALK_ENABLED + value: "{{ .Values.TALK_ENABLED }}" + - name: TALK_PORT + value: "{{ .Values.TALK_PORT }}" + - name: TRUSTED_CACERTS_DIR + value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}" + - name: TURN_SECRET + value: "{{ .Values.TURN_SECRET }}" + - name: TZ + value: "{{ .Values.TIMEZONE }}" + - name: UPDATE_NEXTCLOUD_APPS + value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}" + image: nextcloud/aio-nextcloud:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-nextcloud + volumeMounts: + - mountPath: /var/www/html + name: nextcloud-aio-nextcloud + - mountPath: /mnt/ncdata + name: nextcloud-aio-nextcloud-data + - mountPath: /mnt/ + name: nextcloud-aio-nextcloud-mount + - mountPath: /usr/local/share/ca-certificates + name: nextcloud-aio-nextcloud-trusted-cacerts + readOnly: true + volumes: + - name: nextcloud-aio-nextcloud + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud + - name: nextcloud-aio-nextcloud-data + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud-data + - name: nextcloud-aio-nextcloud-mount + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud-mount + - name: nextcloud-aio-nextcloud-trusted-cacerts + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud-trusted-cacerts + readOnly: true 
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml new file mode 100755 index 00000000..ced4114b --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-nextcloud-mount-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-nextcloud-mount + name: nextcloud-aio-nextcloud-mount +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml new file mode 100755 index 00000000..b047dc5a --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-nextcloud + name: nextcloud-aio-nextcloud +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml new file mode 100755 index 00000000..6a46650c --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts + name: nextcloud-aio-nextcloud-trusted-cacerts +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml new file mode 100755 index 00000000..1da2dbb7 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -0,0 +1,44 @@ +{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-onlyoffice + name: nextcloud-aio-onlyoffice +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-onlyoffice + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-onlyoffice + spec: + containers: + - env: + - name: JWT_ENABLED + value: "true" + - name: JWT_HEADER + value: AuthorizationJwt + - name: JWT_SECRET + value: "{{ .Values.ONLYOFFICE_SECRET }}" + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-onlyoffice:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-onlyoffice + volumeMounts: + - mountPath: /var/lib/onlyoffice + name: nextcloud-aio-onlyoffice + volumes: + - name: nextcloud-aio-onlyoffice + persistentVolumeClaim: + claimName: nextcloud-aio-onlyoffice +{{- end }} 
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml new file mode 100755 index 00000000..90916696 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-onlyoffice + name: nextcloud-aio-onlyoffice +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml new file mode 100755 index 00000000..0dc84638 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-redis + name: nextcloud-aio-redis +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-redis + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-redis + spec: + containers: + - env: + - name: REDIS_HOST_PASSWORD + value: "{{ .Values.REDIS_PASSWORD }}" + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-redis:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-redis + volumeMounts: + - mountPath: /data + name: nextcloud-aio-redis + volumes: + - name: nextcloud-aio-redis + persistentVolumeClaim: + claimName: nextcloud-aio-redis 
diff --git a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml new file mode 100755 index 00000000..fd7af042 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: nextcloud-aio-redis + name: nextcloud-aio-redis +spec: + {{- if .Values.STORAGE_CLASS }} + storageClassName: {{ .Values.STORAGE_CLASS }} + {{- end }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.MAX_STORAGE_SIZE }} diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml new file mode 100755 index 00000000..29d078c8 --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml 
@@ -0,0 +1,45 @@ +{{- if eq .Values.TALK_ENABLED "yes" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-talk + name: nextcloud-aio-talk +spec: + replicas: 1 + selector: + matchLabels: + io.kompose.service: nextcloud-aio-talk + template: + metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.network/nextcloud-aio: "true" + io.kompose.service: nextcloud-aio-talk + spec: + containers: + - env: + - name: JANUS_API_KEY + value: "{{ .Values.JANUS_API_KEY }}" + - name: NC_DOMAIN + value: "{{ .Values.NC_DOMAIN }}" + - name: SIGNALING_SECRET + value: "{{ .Values.SIGNALING_SECRET }}" + - name: TALK_PORT + value: "{{ .Values.TALK_PORT }}" + - name: TURN_SECRET + value: "{{ .Values.TURN_SECRET }}" + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-talk:20221229_091124-{{ .Values.IMAGE_TAG }} + name: nextcloud-aio-talk + ports: + - containerPort: {{ .Values.TALK_PORT }} + - containerPort: {{ .Values.TALK_PORT }} + protocol: UDP +{{- end }} diff --git a/helm-chart/templates/nextcloud-aio-talk-service.yaml b/helm-chart/templates/nextcloud-aio-talk-service.yaml new file mode 100755 index 00000000..a9588e4e --- /dev/null +++ b/helm-chart/templates/nextcloud-aio-talk-service.yaml 
@@ -0,0 +1,24 @@ +{{- if eq .Values.TALK_ENABLED "yes" }} +apiVersion: v1 +kind: Service +metadata: + annotations: + kompose.cmd: kompose convert -c -f latest.yml + kompose.version: 1.27.0 (b0ed6a2c9) + labels: + io.kompose.service: nextcloud-aio-talk + name: nextcloud-aio-talk +spec: + ports: + - name: "{{ .Values.TALK_PORT }}" + port: {{ .Values.TALK_PORT }} + targetPort: {{ .Values.TALK_PORT }} + - name: {{ .Values.TALK_PORT }}-udp + port: {{ .Values.TALK_PORT }} + protocol: UDP + targetPort: {{ .Values.TALK_PORT }} + selector: + io.kompose.service: nextcloud-aio-talk +status: + loadBalancer: {} +{{- end }} diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh new file mode 100755 index 00000000..8268bbde --- /dev/null +++ b/helm-chart/update-helm.sh 
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+DOCKER_TAG="$1"
+
+# Clean
+rm -f ./helm-chart/values.yaml
+rm -rf ./helm-chart/templates
+
+# Install kompose
+LATEST_KOMPOSE="$(git ls-remote --tags https://github.com/kubernetes/kompose.git | cut -d/ -f3 | grep -viE -- 'rc|b' | sort -V | tail -1)"
+curl -L https://github.com/kubernetes/kompose/releases/download/"$LATEST_KOMPOSE"/kompose-linux-amd64 -o kompose
+chmod +x kompose
+sudo mv ./kompose /usr/local/bin/kompose
+
+set -ex
+
+# Conversion of docker-compose
+cd manual-install
+cp latest.yml latest.yml.backup
+cp sample.conf /tmp/
+sed -i 's|^|export |' /tmp/sample.conf
+# shellcheck disable=SC1091
+source /tmp/sample.conf
+rm /tmp/sample.conf
+sed -i "s|\${IMAGE_TAG}|$DOCKER_TAG\${IMAGE_TAG}|" latest.yml
+sed -i "s|\${APACHE_IP_BINDING}|$APACHE_IP_BINDING|" latest.yml
+sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
+sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
+sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
+sed -i "s|\${NEXTCLOUD_MOUNT}:\${NEXTCLOUD_MOUNT}:|nextcloud_aio_nextcloud_mount:$NEXTCLOUD_MOUNT:|" latest.yml
+sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
+sed -i 's|\${|{{ .Values.|g' latest.yml
+sed -i 's|}| }}|g' latest.yml
+sed -i '/profiles: /d' latest.yml
+cat latest.yml
+kompose convert -c -f latest.yml
+cd latest
+
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: {{ .Values.MAX_STORAGE_SIZE }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteMany|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ storageClassName: {{ .Values.STORAGE_CLASS }}" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_IP_BINDING|{{ .Values.APACHE_IP_BINDING }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/strategy:/d" \{} \;
+# shellcheck disable=SC1083
+find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{} \;
+# shellcheck disable=SC1083
+find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \;
+
+cd ../
+mkdir -p ../helm-chart/
+rm latest/Chart.yaml
+rm latest/README.md
+mv latest/* ../helm-chart/
+rm -r latest
+rm latest.yml
+mv latest.yml.backup latest.yml
+
+# Get version of AIO
+AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
+
+# Conversion of sample.conf
+cp sample.conf /tmp/
+sed -i "/^APACHE_IP_BINDING/d" /tmp/sample.conf
+sed -i 's|"||g' /tmp/sample.conf
+sed -i 's|=|: |' /tmp/sample.conf
+sed -i 's|= |: |' /tmp/sample.conf
+sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
+sed -i 's|^NEXTCLOUD_MOUNT: .*|NEXTCLOUD_MOUNT: # Setting this to any value allows to enable external storages in Nextcloud|' /tmp/sample.conf
+sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+echo 'MAX_STORAGE_SIZE: 10Gi # You can adjust the max storage that each volume can use with this value' >> /tmp/sample.conf
+echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+mv /tmp/sample.conf ../helm-chart/values.yaml
+
+ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
+mapfile -t ENABLED_VARIABLES <<< "$ENABLED_VARIABLES"
+
+cd ../helm-chart/
+for variable in "${ENABLED_VARIABLES[@]}"; do
+ name="$(echo "$variable" | sed 's|_ENABLED||g' | tr '[:upper:]' '[:lower:]')"
+ # shellcheck disable=SC1083
+ find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \;
+ # shellcheck disable=SC1083
+ find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "$ a {{- end }}" \{} \;
+ # shellcheck disable=SC1083
+ find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \;
+ # shellcheck disable=SC1083
+ find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \;
+done
+
+chmod 777 -R ./
+
+set +ex
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
new file mode 100755
index 00000000..5ec3fcdf
--- /dev/null
+++ b/helm-chart/values.yaml
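Review bot: The kompose binary in `helm-chart/update-helm.sh` is installed with no integrity check: the release name comes from `git ls-remote --tags … | sort -V | tail -1`, the download is a plain `curl -L` without `-f` or a checksum comparison, and the result is moved into `/usr/local/bin` with `sudo` and then executed. All of this runs before `set -ex`, so a failed download is not caught either. Pinning a known kompose release, verifying a recorded digest before the `sudo mv` (`echo "<EXPECTED_SHA256>  kompose" | sha256sum -c -`) and moving `set -ex` to the top of the script would close that gap. Separately, `chmod 777 -R ./` at the end makes every chart file world-writable and executable, presumably the reason the new files in this commit are recorded as mode 100755; `chmod -R u=rwX,go=rX ./` is enough for the later pull-request step to read them.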
@@ -0,0 +1,34 @@
+IMAGE_TAG: latest # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
+AIO_TOKEN: 123456 # Has no function but needs to be set!
+AIO_URL: localhost # Has no function but needs to be set!
+APACHE_MAX_SIZE: 10737418240 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
+CLAMAV_ENABLED: no # Setting this to yes enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru # You can change this in order to enable other dictionaries for collabora
+COLLABORA_ENABLED: yes # Setting this to yes enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+DATABASE_PASSWORD: # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED: no # Setting this to yes enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: no # Setting this to yes enables the option in Nextcloud automatically.
+JANUS_API_KEY: # TODO! This needs to be a unique and good password!
+NC_DOMAIN: yourdomain.com # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. 
+NEXTCLOUD_MAX_TIME: 3600 # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT: 512M # This allows to change the PHP memory limit of the Nextcloud container
+NEXTCLOUD_MOUNT: # Setting this to any value allows to enable external storages in Nextcloud
+NEXTCLOUD_PASSWORD: # TODO! This is the password of the initially created Nextcloud admin with username admin.
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container
+NEXTCLOUD_UPLOAD_LIMIT: 10G # This allows to change the upload limit of the Nextcloud container
+ONLYOFFICE_ENABLED: no # Setting this to yes enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET: # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD: # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET: # TODO! This needs to be a unique and good password!
+TALK_ENABLED: yes # Setting this to yes enables the option in Nextcloud automatically.
+TALK_PORT: 3478 # This allows to adjust the port that the talk container is using.
+TIMEZONE: Europe/Berlin # TODO! This is the timezone that your containers will use.
+TURN_SECRET: # TODO! This needs to be a unique and good password!
+UPDATE_NEXTCLOUD_APPS: no # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+MAX_STORAGE_SIZE: 10Gi # You can adjust the max storage that each volume can use with this value
+STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes
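Review bot: The `*_ENABLED` keys and `UPDATE_NEXTCLOUD_APPS` are written as bare `yes`/`no`, which a YAML 1.1 loader (Helm's, as far as I know) reads as booleans, while the guard that update-helm.sh prepends to the deployment and service templates compares against a string, `{{- if eq .Values.COLLABORA_ENABLED "yes" }}`. Comparing a boolean with a string in a Go template is an error rather than a false result, so rendering may fail or the optional components may never be enabled; quoting the values avoids that, e.g. `COLLABORA_ENABLED: "yes"` and `CLAMAV_ENABLED: "no"`. Since this file is generated, the quotes have to survive the `sed -i 's|"||g' /tmp/sample.conf` step in the script instead of being hand-edited here. Separately, the secret keys (`DATABASE_PASSWORD`, `REDIS_PASSWORD`, `TURN_SECRET` and the others marked TODO) are empty and parse as null, and nothing visible in this hunk stops an install with them unset, so a `required` check in the consuming templates would make that fail early.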