From 81f5969653388b6ce4ef4d15f4fe1cbd61a17e10 Mon Sep 17 00:00:00 2001 From: Dominik Kaminski Date: Tue, 10 Sep 2024 12:10:10 +0200 Subject: [PATCH] feat(nextcloud): Use nextcloud image with bundled nginx --- README.md | 4 +- .../values-nextcloud-mgmt.yaml.gotmpl | 14 ++-- .../nextcloud/values-nextcloud.yaml.gotmpl | 70 ++++++------------- helmfile/environments/default/charts.yaml | 4 +- helmfile/environments/default/images.yaml | 24 ++----- helmfile/environments/default/replicas.yaml | 4 +- helmfile/environments/default/resources.yaml | 13 +--- helmfile/environments/default/selinux.yaml | 3 +- 8 files changed, 42 insertions(+), 94 deletions(-) diff --git a/README.md b/README.md index 633dce96..e1f26bad 100644 --- a/README.md +++ b/README.md @@ -29,10 +29,10 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s openDesk currently features the following functional main components: | Function | Functional Component | Component
Version | Upstream Documentation | -| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | +| -------------------- | --------------------------- |---------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| | Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) | | Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) | -| File management | Nextcloud | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5) | [Nextcloud 28](https://docs.nextcloud.com/) | +| File management | Nextcloud | [29.0.7](https://nextcloud.com/de/changelog/#29-0-7) | [Nextcloud 29](https://docs.nextcloud.com/) | | Groupware | OX App Suite | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/) | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) | | Knowledge management | XWiki | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) | | Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) | diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index 65324bd6..744270a8 100644 
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl @@ -114,28 +114,30 @@ containerSecurityContext: - "ALL" enabled: true privileged: false - runAsUser: 65532 - runAsGroup: 65532 + runAsUser: 101 + runAsGroup: 101 seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: false runAsNonRoot: true seLinuxOptions: {{ .Values.seLinuxOptions.nextcloudManagement | toYaml | nindent 4 }} +podSecurityContext: + fsGroup: 101 debug: loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }} image: - registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudManagement.registry | quote }} - repository: {{ .Values.images.nextcloudManagement.repository | quote }} + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }} + repository: {{ .Values.images.nextcloud.repository | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.nextcloudManagement.tag | quote }} + tag: {{ .Values.images.nextcloud.tag | quote }} theme: {{ .Values.theme | toYaml | nindent 2 }} resources: - {{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }} + {{ .Values.resources.nextcloud | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl index c4f18d2e..e0b291e0 100644 --- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl @@ -46,9 +46,9 @@ exporter: resources: {{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }} -php: +aio: additionalAnnotations: - intents.otterize.com/service-name: "opendesk-nextcloud-php" + intents.otterize.com/service-name: "opendesk-nextcloud" configuration: cache: auth: 
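Review bot: The UID/GID `101` is hard-coded three times in the `values-nextcloud-mgmt.yaml.gotmpl` hunk (`runAsUser`, `runAsGroup`, `podSecurityContext.fsGroup`) and again in both later hunks of `values-nextcloud.yaml.gotmpl`, with nothing recording where the number comes from. It presumably matches the unprivileged user baked into the new bundled-nginx image, so an image rebuild with a different user would break file access with no hint in these values; a comment such as `# must match the unprivileged user of images.nextcloud (bundled nginx)` above `runAsUser` would record that coupling. The new `fsGroup` also makes the kubelet adjust group ownership of supported volumes at mount time, so it is worth confirming whether the chart allows `fsGroupChangePolicy: "OnRootMismatch"` to be set for large data volumes. The `containerSecurityContext` block starts above the hunk.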
@@ -75,57 +75,23 @@ php: - "ALL" enabled: true privileged: false - runAsUser: 65532 - runAsGroup: 65532 + runAsUser: 101 + runAsGroup: 101 seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true seLinuxOptions: - {{ .Values.seLinuxOptions.nextcloudPHP | toYaml | nindent 6 }} + {{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }} cron: successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }} debug: loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }} image: - registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudPHP.registry | quote }} - repository: "{{ .Values.images.nextcloudPHP.repository }}" + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }} + repository: "{{ .Values.images.nextcloud.repository }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.nextcloudPHP.tag | quote }} - podAnnotations: {} - prometheus: - serviceMonitor: - enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} - labels: - {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} - prometheusRule: - enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} - additionalLabels: - {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }} - replicaCount: {{ .Values.replicas.nextcloudPHP }} - resources: - {{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }} - -apache2: - configuration: - php: - host: "opendesk-nextcloud-php.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}" - trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }} - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - enabled: true - privileged: false - runAsUser: 65532 - runAsGroup: 65532 - seccompProfile: - 
type: "RuntimeDefault" - readOnlyRootFilesystem: true - runAsNonRoot: true - seLinuxOptions: - {{ .Values.seLinuxOptions.nextcloudApache2 | toYaml | nindent 6 }} + tag: {{ .Values.images.nextcloud.tag | quote }} ingress: enabled: {{ .Values.ingress.enabled }} annotations: @@ -139,14 +105,20 @@ apache2: host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" tls: secretName: {{ .Values.ingress.tls.secretName | quote }} - image: - registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudApache2.registry | quote }} - repository: {{ .Values.images.nextcloudApache2.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.nextcloudApache2.tag | quote }} podAnnotations: {} - replicaCount: {{ .Values.replicas.nextcloudApache2 }} + podSecurityContext: + fsGroup: 101 + prometheus: + serviceMonitor: + enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} + labels: + {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} + prometheusRule: + enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} + additionalLabels: + {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }} + replicaCount: {{ .Values.replicas.nextcloud }} resources: - {{ .Values.resources.nextcloudApache2 | toYaml | nindent 4 }} + {{ .Values.resources.nextcloud | toYaml | nindent 4 }} ... diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 1139bee4..eec499e8 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -182,7 +182,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud" - version: "3.2.0" + version: "3.3.4" verify: true nextcloudManagement: # providerCategory: "Platform" 
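Review bot: Removing the `apache2` block in the `@@ -75,57 +75,23 @@` hunk also drops `trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }}`, and nothing visible in the new `aio` values replaces it. Nextcloud relies on its `trusted_proxies` setting to decide whether a forwarded client address is believed, which feeds brute-force throttling and the audit log, so losing it would either attribute every request to the ingress address or, if the chart falls back to a broad default, accept forwarded addresses from sources that should not be trusted. Please confirm that chart 3.3.4 still derives this from the cluster CIDR, or carry the value over under `aio.configuration` if the chart exposes a key for it. The `aio.configuration` block lies outside this hunk, so the key may already be set there.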
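Review bot: `replicas.nextcloud` and `resources.nextcloud` in the `@@ -139,14 +105,20 @@` hunk replace the `nextcloudPHP`/`nextcloudApache2` keys without any upgrade note, so an environment file that still overrides the old keys is presumably accepted and silently ignored. The same applies to `seLinuxOptions.nextcloudPHP` and `seLinuxOptions.nextcloudApache2` in the previous hunk, where a dropped override means the container falls back to the default SELinux options. The commit is labelled `feat` with no breaking-change marker; a migration entry listing the removed keys under `images`, `replicas`, `resources` and `seLinuxOptions` would let operators catch this before upgrading.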
@@ -192,7 +192,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud-management" - version: "3.2.0" + version: "3.3.4" verify: true nginx: # providerCategory: "Community" diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index a10980bc..dea70016 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -178,14 +178,14 @@ images: registry: "registry-1.docker.io" repository: "bitnami/minio" tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7" - nextcloudApache2: + nextcloud: # providerCategory: "Platform" # providerResponsible: "openDesk" # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" + # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud" registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" - tag: "1.2.2@sha256:c8d12747649ca4c686f75f6318f2b10e324260678214a04332a21e591ed80735" + repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud" + tag: "2.2.0@sha256:a7ba27a7a8df4afae1937898ae64dbae6181629295bcb6b9bbd39fd9b8c25903" nextcloudExporter: # providerCategory: "Platform" # providerResponsible: "openDesk" 
@@ -194,22 +194,6 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-exporter" tag: "1.0.1@sha256:63e63c7420e37d3989fa0ffdbcf18a07b2a603ab9b2a849c2e7e44342dd82af0" - nextcloudManagement: - # providerCategory: "Platform" - # providerResponsible: "openDesk" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management" - tag: "1.6.3@sha256:e048bccfb166bebf2ff97a3b7a473631c17893e544f549534a7e329abdaa772a" - nextcloudPHP: - # providerCategory: "Platform" - # providerResponsible: "openDesk" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php" - tag: "1.12.3@sha256:72e574b5862bb0bd6798754931bc9a5d1092d802c14cb69e40fa5f3b23ba9674" nubusDataLoader: # providerCategory: "Supplier" # providerResponsible: "Univention" diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml index eb75d2c6..de9c783d 100644 --- a/helmfile/environments/default/replicas.yaml +++ b/helmfile/environments/default/replicas.yaml @@ -148,11 +148,9 @@ replicas: # -- component: Filestore (Nextcloud) # -- scalable: true - nextcloudApache2: 1 + nextcloud: 1 # -- scalable: true nextcloudExporter: 1 - # -- scalable: true - nextcloudPHP: 1 # -- component: Project management (OpenProject) # -- scalable: true diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index 3d5c7d16..b9cf1794 100644 --- a/helmfile/environments/default/resources.yaml 
+++ b/helmfile/environments/default/resources.yaml @@ -204,13 +204,13 @@ resources: requests: cpu: 0.25 memory: "256Mi" - nextcloudApache2: + nextcloud: limits: cpu: 99 - memory: "256Mi" + memory: "1Gi" requests: cpu: 0.1 - memory: "128Mi" + memory: "512Mi" nextcloudExporter: limits: cpu: 99 @@ -218,13 +218,6 @@ resources: requests: cpu: 0.1 memory: "32Mi" - nextcloudPHP: - limits: - cpu: 99 - memory: "1Gi" - requests: - cpu: 0.1 - memory: "512Mi" openproject: limits: cpu: 99 diff --git a/helmfile/environments/default/selinux.yaml b/helmfile/environments/default/selinux.yaml index bcc02f3f..f8646a85 100644 --- a/helmfile/environments/default/selinux.yaml +++ b/helmfile/environments/default/selinux.yaml @@ -34,10 +34,9 @@ seLinuxOptions: migrations: ~ milter: ~ minio: ~ - nextcloudApache2: ~ + nextcloud: ~ nextcloudExporter: ~ nextcloudManagement: ~ - nextcloudPHP: ~ opendeskKeycloakBootstrap: ~ openproject: ~ openprojectBootstrap: ~