From ed590c77cb948aab116ba9f8265d22eb438b13ee Mon Sep 17 00:00:00 2001 From: jacob Date: Tue, 30 Sep 2025 10:12:27 +0200 Subject: [PATCH] a --- helm/nextcloud/Chart.yaml | 8 +- helm/nextcloud/values.yaml | 1005 ++++++++++++++++++++++++++++++++++-- 2 files changed, 963 insertions(+), 50 deletions(-) diff --git a/helm/nextcloud/Chart.yaml b/helm/nextcloud/Chart.yaml index 6b17375..4570e3b 100644 --- a/helm/nextcloud/Chart.yaml +++ b/helm/nextcloud/Chart.yaml @@ -2,10 +2,16 @@ apiVersion: v2 name: nextcloud type: application version: 0.1.0 -appVersion: "latest" +appVersion: "31.0.9" keywords: - nextcloud - files - cloud sources: - https://github.com/nextcloud/helm +dependencies: + - name: collabora-online + version: 1.1.20 + repository: https://collaboraonline.github.io/online + condition: collabora.enabled + alias: collabora diff --git a/helm/nextcloud/values.yaml b/helm/nextcloud/values.yaml index a881839..92880f8 100644 --- a/helm/nextcloud/values.yaml +++ b/helm/nextcloud/values.yaml 
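Review bot: The new `dependencies` list in Chart.yaml declares only `collabora-online`, while the values.yaml rewritten in this same patch carries `mariadb`, `postgresql` and `redis` blocks with their own `enabled` switches and image overrides. Without matching dependency entries those switches have no subchart to turn on, so a user who sets `mariadb.enabled: true` would still get no database deployed. Either add the three subcharts with `condition: mariadb.enabled` style entries, or drop the unused blocks from values.yaml. The added entry pulls a chart from a remote repository and the diffstat shows no lock file, so commit the `Chart.lock` written by `helm dependency update` to have the resolved version and digest reviewed together with this change.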
@@ -1,68 +1,975 @@ +## ref: https://hub.docker.com/r/library/nextcloud/tags/ +## +image: + repository: nextcloud + flavor: apache + tag: + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" +podAnnotations: {} +deploymentAnnotations: {} +deploymentLabels: {} + +replicaCount: 2 + +ingress: + enabled: false + classname: nginx + annotations: {} + nginx.ingress.kubernetes.io/proxy-body-size: 4G + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: letsencrypt-prod + # Keep this in sync with the README.md: + nginx.ingress.kubernetes.io/server-snippet: |- + server_tokens off; + proxy_hide_header X-Powered-By; + rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; + rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + deny all; + } + #tls: + # - secretName: nextcloud-tls + # hosts: + # - nextcloud.darkstars.local + labels: {} + path: / + pathType: Prefix + +lifecycle: {} + +phpClientHttpsFix: + enabled: false + protocol: https + nextcloud: - enabled: true + host: nextcloud.darkstars.local + username: admin + password: changeme + existingSecret: + enabled: false + usernameKey: nextcloud-username + passwordKey: nextcloud-password + tokenKey: "" + smtpUsernameKey: smtp-username + smtpPasswordKey: smtp-password + smtpHostKey: smtp-host + update: 0 + containerPort: 80 + datadir: /var/www/html/data + persistence: + subPath: + trustedDomains: [] + mail: + enabled: false + fromAddress: 
user + domain: domain.com + smtp: + host: domain.com + secure: ssl + port: 465 + authtype: LOGIN + name: user + password: pass + objectStore: + s3: + enabled: false + # ignored if nextcloud.objectstore.s3.existingSecret is not empty string + accessKey: "" + # ignored if nextcloud.objectstore.s3.existingSecret is not empty string + secretKey: "" + # use legacy auth method + legacyAuth: false + # s3 endpoint to use; only required if you're not using AWS + host: "" + # use TLS/SSL for S3 connections + ssl: true + # default port that can be changed based on your object store, e.g. for minio, you can use 9000 + port: "443" + # this is the default in the nextcloud docs + region: "eu-west-1" + # required if using s3, the name of the bucket you'd like to use + bucket: "" + # object prefix in bucket + prefix: "" + # set to true if you are not using DNS for your buckets. + usePathStyle: false + # autocreate the bucket + autoCreate: false + # optonal parameter: you probably want to keep this as default + storageClass: "STANDARD" + # server side encryption key. learn more: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#s3-sse-c-encryption-support + sse_c_key: "" + # use an existingSecret for S3 credentials. 
If set, we ignore the following under nextcloud.objectStore.s3 + # endpoint, accessKey, secretKey + existingSecret: "" + secretKeys: + # key in nextcloud.objectStore.s3.existingSecret to use for s3 endpoint + host: "" + # key in nextcloud.objectStore.s3.existingSecret to use for s3 accessKeyID + accessKey: "" + # key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey + secretKey: "" + # key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket + bucket: "" + # key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key + sse_c_key: "" + ## options related to using Swift as a primary object storage + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#openstack-swift + swift: + enabled: false + # swift user info + user: + domain: "Default" + name: "" + password: "" + # swift project info + project: + name: "" + domain: "Default" + # The Identity / Keystone endpoint + url: "" + region: "" + # optional on some swift implementations + service: "swift" + # the container to store the data in + container: "" + # autocreate container + autoCreate: false + + ## PHP Configuration files + # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true + phpConfigs: {} + ## Default config files that utilize environment variables: + # see: https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables + # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself + # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/.config + defaultConfigs: + # To protect /var/www/html/config + .htaccess: true + # Apache configuration for rewrite urls + apache-pretty-urls.config.php: true + # Define APCu as local cache + apcu.config.php: true + # Apps directory configs + apps.config.php: true + # Used for auto configure database 
+ autoconfig.php: true + # Redis default configuration + redis.config.php: true + # Reverse proxy default configuration + reverse-proxy.config.php: true + # S3 Object Storage as primary storage + s3.config.php: true + # SMTP default configuration via environment variables + smtp.config.php: true + # Swift Object Storage as primary storage + swift.config.php: true + # disables the web based updater as the default nextcloud docker image does not support it + upgrade-disable-web.config.php: true + # -- imaginary support config + imaginary.config.php: false + + # Extra config files created in /var/www/html/config/ + # ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file + configs: {} + # For example, to enable image and text file previews: + # previews.config.php: |- + # true, + # 'enabledPreviewProviders' => array ( + # 'OC\Preview\Movie', + # 'OC\Preview\PNG', + # 'OC\Preview\JPEG', + # 'OC\Preview\GIF', + # 'OC\Preview\BMP', + # 'OC\Preview\XBitmap', + # 'OC\Preview\MP3', + # 'OC\Preview\MP4', + # 'OC\Preview\TXT', + # 'OC\Preview\MarkDown', + # 'OC\Preview\PDF' + # ), + # ); + + # Hooks for auto configuration + # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d//helm.sh` + # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders + hooks: + pre-installation: + post-installation: + pre-upgrade: + post-upgrade: + before-starting: + + ## Strategy used to replace old pods + ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + strategy: + type: Recreate + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 1 + # maxUnavailable: 0 + + ## + ## Extra environment variables + extraEnv: + # - name: SOME_SECRET_ENV + # valueFrom: + # secretKeyRef: + # name: nextcloud + # key: secret_key + + # Extra 
init containers that runs before pods start. + extraInitContainers: [] + # - name: do-something + # image: busybox + # command: ['do', 'something'] + + # Extra sidecar containers. + extraSidecarContainers: [] + # - name: nextcloud-logger + # image: busybox + # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log'] + # volumeMounts: + # - name: nextcloud-data + # mountPath: /run/nextcloud/data + + # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume + # to NextCloud pods in Kubernetes. This can then be configured in External Storage + extraVolumes: + # - name: nfs + # nfs: + # server: "10.0.0.1" + # path: "/nextcloud_data" + # readOnly: false + extraVolumeMounts: + # - name: nfs + # mountPath: "/legacy_data" + + # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container). + # For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive + podSecurityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + # Settings for the MariaDB init container + mariaDbInitContainer: + resources: {} + # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + + # Settings for the PostgreSQL init container + postgreSqlInitContainer: + resources: {} + # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + +nginx: + ## You need to set an fpm version of the image for nextcloud if you want to use nginx! 
+ enabled: false + image: - repository: nextcloud - tag: "28-fpm" # pick a stable tag you want + repository: nginx + tag: alpine pullPolicy: IfNotPresent - admin: - user: admin - password: changeme - + containerPort: 80 + # This configures nginx to listen on either IPv4, IPv6 or both + ipFamilies: + - IPv4 + # - IPv6 config: - proxy.config.php: |- - - array ( - 0 => 'nextcloud.darkstars.local', - ), - ); + # This generates the default nginx config as per the nextcloud documentation + default: true + headers: + # -- HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + # Example: + # "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;" + "Strict-Transport-Security": "" + "Referrer-Policy": "no-referrer" + "X-Content-Type-Options": "nosniff" + "X-Frame-Options": "SAMEORIGIN" + "X-Permitted-Cross-Domain-Policies": "none" + "X-Robots-Tag": "noindex, nofollow" + "X-XSS-Protection": "1; mode=block" - # Use built-in default SQLite for quick test deployments. For production, use external DB. - database: - type: sqlite - # For PostgreSQL/MySQL, disable sqlite and configure external DB here. + # Added in server block of default config. + serverBlockCustom: | + # set max upload size + client_max_body_size 10G; + client_body_timeout 300s; + fastcgi_buffers 64 4K; + fastcgi_read_timeout 3600s; - # Persistence: enable to keep user files across pod restarts (recommended for production) - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 10Gi - storageClass: "" + custom: + # custom: |- + # worker_processes 1;.. 
- # Service type (ClusterIP/LoadBalancer) - service: - type: ClusterIP - port: 80 - nodePort: null + resources: {} - # Ingress (disabled by default) - ingress: - enabled: false - annotations: {} - hosts: - - host: nextcloud.darkstars.local - paths: - - / - tls: [] + # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # the nginx alpine container default user is 82 + # runAsUser: 82 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true - # Resources (small defaults; tune for your cluster) - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 512Mi + ## Extra environment variables + extraEnv: [] + # - name: SOME_ENV + # value: ENV_VALUE -mariadb: +internalDatabase: + enabled: true + name: nextcloud + +## +## External database configuration +## +externalDatabase: enabled: false + ## Supported database engines: mysql or postgresql + type: mysql + + ## Database host. You can optionally include a colon delimited port like "myhost:1234" + host: "" + + ## Database user + user: nextcloud + + ## Database password + password: "" + + ## Database name + database: nextcloud + + ## Use a existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + usernameKey: db-username + passwordKey: db-password + # hostKey: db-hostname-or-ip + # databaseKey: db-name + +global: + security: + # required for bitnamilegacy repos + allowInsecureImages: true + +## +## MariaDB chart configuration +## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb +## +mariadb: + ## Whether to deploy a mariadb server from the bitnami mariab db helm chart + # to satisfy the applications database requirements. 
if you want to deploy this bitnami mariadb, set this and externalDatabase to true + # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters + enabled: false + + image: + repository: bitnamilegacy/mariadb + + # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters + global: + # overwrites the primary.persistence.storageClass value + defaultStorageClass: "" + + auth: + database: nextcloud + username: nextcloud + password: changeme + # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored). + # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password + existingSecret: "" + + architecture: standalone + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + primary: + persistence: + enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + existingClaim: "" + storageClass: "" + accessMode: ReadWriteOnce + size: 8Gi + +## +## PostgreSQL chart configuration +## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql +## +postgresql: + enabled: false + image: + repository: bitnamilegacy/postgresql + global: + postgresql: + # global.postgresql.auth overrides postgresql.auth + auth: + username: nextcloud + password: changeme + database: nextcloud + # Name of existing secret to use for PostgreSQL credentials. + # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret. + # secret might also contains the key ldap-password if LDAP is enabled. + # ldap.bind_password will be ignored and picked from this secret in this case. 
+ existingSecret: "" + # Names of keys in existing secret to use for PostgreSQL credentials + secretKeys: + adminPasswordKey: "" + userPasswordKey: "" + replicationPasswordKey: "" + primary: + persistence: + enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" + # storageClass: "" + +## +## External Redis configuration +## +externalRedis: + enabled: false + + ## Redis host + host: "" + + ## Redis port + port: "6379" + + ## Redis password + password: "" + + ## Use a existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + passwordKey: redis-password + +## +## Redis chart configuration +## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis +## + redis: enabled: false + image: + repository: bitnamilegacy/redis + auth: + enabled: true + password: "changeme" + # name of an existing secret with RedisĀ® credentials (instead of auth.password), must be created ahead of time + existingSecret: "" + # Password key to be retrieved from existing secret + existingSecretPasswordKey: "" + # Since Redis is used for caching only, you might want to use a storageClass with different reclaim policy and backup settings + global: + storageClass: "" + master: + persistence: + enabled: true + replica: + persistence: + enabled: true -probe: +## +## Collabora chart configuration +## for more options see https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online +## +collabora: + enabled: false + + autoscaling: + # enable autocaling, please check collabora README.md first + enabled: false + + collabora: + ## HTTPS nextcloud domain, if needed + aliasgroups: [] + # - host: "https://nextcloud.domain:443" + + # set extra parameters for collabora + # you may need to add --o:ssl.termination=true + extra_params: --o:ssl.enable=false + + ## Specify server_name when the hostname is not reachable directly for + # example behind reverse-proxy. 
example: collabora.domain + server_name: null + + existingSecret: + # set to true to to get collabora admin credentials from an existin secret + # if set, ignores collabora.collabora.username and password + enabled: false + # name of existing Kubernetes Secret with collboara admin credentials + secretName: "" + usernameKey: "username" + passwordKey: "password" + + # setup admin login credentials, these are ignored if + # collabora.collabora.existingSecret.enabled=true + password: examplepass + username: admin + + # setup ingress + ingress: + # enable ingress for collabora online + enabled: false + className: "" + # please check collabora values.yaml for nginx/haproxy annotations examples + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: collabora-ingress-tls + # hosts: + # - collabora.domain + + # see collabora helm README.md for recommended values + resources: {} + +## Cronjob to execute Nextcloud background tasks +## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron +## +cronjob: + enabled: false + + # Either 'sidecar' or 'cronjob' + type: sidecar + + # Runs crond as a sidecar container in the Nextcloud pod + # Note: crond requires root + sidecar: + ## Cronjob sidecar resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + # Allow configuration of lifecycle hooks + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ + lifecycle: {} + # lifecycle: + # postStartCommand: [] + # preStopCommand: [] + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + # The command the cronjob container executes. 
+ command: + - /cron.sh + + # Uses a Kubernetes CronJob to execute the Nextcloud cron tasks + # Note: can run as non-root user. Should run as same user as the Nextcloud pod. + cronjob: + # Use a CronJob instead of crond sidecar container + # crond does not work when not running as root user + # Note: requires `persistence.enabled=true` + schedule: "*/5 * * * *" + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 5 + labels: {} + annotations: {} + backoffLimit: 1 + affinity: {} + # Often RWO volumes are used. But the cronjob pod needs access to the same volume as the nextcloud pod. + # Depending on your provider two pods on the same node can still access the same volume. + # Following config ensures that the cronjob pod is scheduled on the same node as the nextcloud pod. + # affinity: + # podAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - nextcloud + # - key: app.kubernetes.io/component + # operator: In + # values: + # - app + # topologyKey: kubernetes.io/hostname + + ## Resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # Allow configuration of lifecycle hooks + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + # The command to run in the cronjob container + # Example to incerase memory limit: php -d memory_limit=2G ... 
+ command: + - php + - -f + - /var/www/html/cron.php + - -- + - --verbose + +service: + type: ClusterIP + port: 8080 + loadBalancerIP: "" + nodePort: + # -- use additional annotation on service for nextcloud + annotations: {} + # -- Set this to "ClientIP" to make sure that connections from the same client + # are passed to the same Nextcloud pod each time. + sessionAffinity: "" + sessionAffinityConfig: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + # Nextcloud Data (/var/www/html) + enabled: false + annotations: {} + ## nextcloud data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 8Gi + + ## Use an additional pvc for the data directory rather than a subpath of the default PVC + ## Useful to store data on a different storageClass (e.g. on slower disks) + nextcloudData: + enabled: false + subPath: + annotations: {} + # storageClass: "-" + # existingClaim: + accessMode: ReadWriteOnce + size: 8Gi + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Liveness and readiness probe values +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +startupProbe: + enabled: false initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + +## Enable pod autoscaling using HorizontalPodAutoscaler +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## +hpa: + enabled: false + cputhreshold: 60 + minPods: 1 + maxPods: 10 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +dnsConfig: {} +# Custom dns config for Nextcloud containers. +# You can for example configure ndots. This may be needed in some clusters with alpine images. 
+# options: +# - name: ndots +# value: "1" + +imaginary: + # -- Start Imgaginary + enabled: false + # -- Number of imaginary pod replicas to deploy + replicaCount: 1 + + image: + # -- Imaginary image registry + registry: docker.io + # -- Imaginary image name + repository: h2non/imaginary + # -- Imaginary image tag + tag: 1.2.4 + # -- Imaginary image pull policy + pullPolicy: IfNotPresent + # -- Imaginary image pull secrets + pullSecrets: [] + + # -- Additional annotations for imaginary + podAnnotations: {} + # -- Additional labels for imaginary + podLabels: {} + # -- Imaginary pod nodeSelector + nodeSelector: {} + # -- Imaginary pod tolerations + tolerations: [] + + # -- imaginary resources + resources: {} + + # -- Optional security context for the Imaginary container + securityContext: + runAsUser: 1000 + runAsNonRoot: true + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + + # -- Optional security context for the Imaginary pod (applies to all containers in the pod) + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + + readinessProbe: + enabled: true + failureThreshold: 3 + successThreshold: 1 + periodSeconds: 10 + timeoutSeconds: 1 + livenessProbe: + enabled: true + failureThreshold: 3 + successThreshold: 1 + periodSeconds: 10 + timeoutSeconds: 1 + + service: + # -- Imaginary: Kubernetes Service type + type: ClusterIP + # -- Imaginary: LoadBalancerIp for service type LoadBalancer + loadBalancerIP: + # -- Imaginary: NodePort for service type NodePort + nodePort: + # -- Additional annotations for service imaginary + annotations: {} + # -- Additional labels for service imaginary + labels: {} + +## Prometheus Exporter / Metrics +## +metrics: + enabled: false + + replicaCount: 1 + # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container. 
+ # Without it, we will use the full name of the nextcloud service + server: "" + # The metrics exporter needs to know how you serve Nextcloud either http or https + https: false + # Use API token if set, otherwise fall back to password authentication + # https://github.com/xperimental/nextcloud-exporter#token-authentication + # Currently you still need to set the token manually in your nextcloud install + token: "" + timeout: 5s + # if set to true, exporter skips certificate verification of Nextcloud server. + tlsSkipVerify: false + info: + # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container. + # Enables gathering of apps-related metrics. Defaults to false + apps: false + update: false + + image: + repository: xperimental/nextcloud-exporter + tag: 0.8.0 + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + + ## Metrics exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + # -- Metrics exporter pod Annotation + podAnnotations: {} + + # -- Metrics exporter pod Labels + podLabels: {} + + # -- Metrics exporter pod nodeSelector + nodeSelector: {} + + # -- Metrics exporter pod tolerations + tolerations: [] + + # -- Metrics exporter pod affinity + affinity: {} + + service: + type: ClusterIP + # Use serviceLoadBalancerIP to request a specific static IP, + # otherwise leave blank + loadBalancerIP: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9205" + labels: {} + + # -- security context for the metrics CONTAINER in the pod + securityContext: + runAsUser: 1000 + runAsNonRoot: true + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + + # -- security context for the metrics POD + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create 
ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + + ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace) + namespaceSelector: + + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: 30s + + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + + rules: + # -- Deploy Prometheus Rules (Alerts) for the exporter + # @section -- Metrics + enabled: false + # -- Label on Prometheus Rules CRD Manifest + # @section -- Metrics + labels: {} + defaults: + # -- Add Default Rules + # @section -- Metrics + enabled: true + # -- Label on the rules (the severity is already set) + # @section -- Metrics + labels: {} + # -- Filter on metrics on alerts (default just for this helm-chart) + # @section -- Metrics + filter: "" + # -- Add own Rules to Prometheus Rules + # @section -- Metrics + additionalRules: [] + +rbac: + enabled: false + serviceaccount: + create: true + name: nextcloud-serviceaccount + annotations: {} + +## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead +securityContext: {}
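Review bot: The new defaults commit working credentials in clear text: `nextcloud.password: changeme`, `password: changeme` under both `mariadb.auth` and `postgresql.global.postgresql.auth`, `redis.auth.password: "changeme"` and collabora's `password: examplepass`, with every `existingSecret` left disabled or empty. An install that overrides nothing therefore runs with passwords anyone can read from the repository. Default each of them to `password: ""` and read the values from a pre-created Secret (`existingSecret.enabled: true` for nextcloud, `existingSecret: "<secret-name>"` for the subcharts), ideally failing the render when neither is set. `global.security.allowInsecureImages: true` combined with the `bitnamilegacy/*` repositories relaxes the subcharts' image check and points at images that presumably no longer receive security fixes, so it deserves a comment recording the accepted risk and the planned replacement. Separately, `replicaCount: 2` with `internalDatabase.enabled: true` and `persistence.enabled: false` would give each pod its own ephemeral database and data directory (the removed values had persistence on), and the deny rules in the `server-snippet` annotation cannot be relied on where the ingress controller keeps snippet annotations disabled.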