sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 00:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(nextcloud): Use nextcloud image with bundled nginx

Browse Source
This commit is contained in:
Dominik Kaminski
2024-09-10 12:10:10 +02:00
parent a7ea701cc6
commit 81f5969653
8 changed files with 42 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -29,10 +29,10 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
openDesk currently features the following functional main components: openDesk currently features the following functional main components:
| Function | Functional Component | Component<br/>Version | Upstream Documentation | | Function | Functional Component | Component<br/>Version | Upstream Documentation |
| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | | -------------------- | --------------------------- |---------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) | | Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) |
| Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) | | Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
| File management | Nextcloud | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5) | [Nextcloud 28](https://docs.nextcloud.com/) | | File management | Nextcloud | [29.0.7](https://nextcloud.com/de/changelog/#29-0-7) | [Nextcloud 29](https://docs.nextcloud.com/) |
| Groupware | OX App Suite | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/) | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) | | Groupware | OX App Suite | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/) | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
| Knowledge management | XWiki | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) | | Knowledge management | XWiki | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
| Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) | | Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) |

14
helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
View File

@@ -114,28 +114,30 @@ containerSecurityContext:
- "ALL" - "ALL"
enabled: true enabled: true
privileged: false privileged: false
runAsUser: 65532 runAsUser: 101
runAsGroup: 65532 runAsGroup: 101
seccompProfile: seccompProfile:
type: "RuntimeDefault" type: "RuntimeDefault"
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.nextcloudManagement | toYaml | nindent 4 }} {{ .Values.seLinuxOptions.nextcloudManagement | toYaml | nindent 4 }}
podSecurityContext:
fsGroup: 101
debug: debug:
loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }} loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudManagement.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
repository: {{ .Values.images.nextcloudManagement.repository | quote }} repository: {{ .Values.images.nextcloud.repository | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloudManagement.tag | quote }} tag: {{ .Values.images.nextcloud.tag | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}
resources: resources:
{{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }} {{ .Values.resources.nextcloud | toYaml | nindent 4 }}
... ...

70
helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
View File

@@ -46,9 +46,9 @@ exporter:
resources: resources:
{{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }} {{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }}
php: aio:
additionalAnnotations: additionalAnnotations:
intents.otterize.com/service-name: "opendesk-nextcloud-php" intents.otterize.com/service-name: "opendesk-nextcloud"
configuration: configuration:
cache: cache:
auth: auth:
@@ -75,57 +75,23 @@ php:
- "ALL" - "ALL"
enabled: true enabled: true
privileged: false privileged: false
runAsUser: 65532 runAsUser: 101
runAsGroup: 65532 runAsGroup: 101
seccompProfile: seccompProfile:
type: "RuntimeDefault" type: "RuntimeDefault"
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.nextcloudPHP | toYaml | nindent 6 }} {{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
cron: cron:
successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }} successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }}
debug: debug:
loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }} loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudPHP.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
repository: "{{ .Values.images.nextcloudPHP.repository }}" repository: "{{ .Values.images.nextcloud.repository }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloudPHP.tag | quote }} tag: {{ .Values.images.nextcloud.tag | quote }}
podAnnotations: {}
prometheus:
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
labels:
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
prometheusRule:
enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
additionalLabels:
{{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
replicaCount: {{ .Values.replicas.nextcloudPHP }}
resources:
{{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }}
apache2:
configuration:
php:
host: "opendesk-nextcloud-php.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 65532
runAsGroup: 65532
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.nextcloudApache2 | toYaml | nindent 6 }}
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
annotations: annotations:
@@ -139,14 +105,20 @@ apache2:
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
tls: tls:
secretName: {{ .Values.ingress.tls.secretName | quote }} secretName: {{ .Values.ingress.tls.secretName | quote }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudApache2.registry | quote }}
repository: {{ .Values.images.nextcloudApache2.repository | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloudApache2.tag | quote }}
podAnnotations: {} podAnnotations: {}
replicaCount: {{ .Values.replicas.nextcloudApache2 }} podSecurityContext:
fsGroup: 101
prometheus:
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
labels:
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
prometheusRule:
enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
additionalLabels:
{{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
replicaCount: {{ .Values.replicas.nextcloud }}
resources: resources:
{{ .Values.resources.nextcloudApache2 | toYaml | nindent 4 }} {{ .Values.resources.nextcloud | toYaml | nindent 4 }}
... ...

4
helmfile/environments/default/charts.yaml
View File

@@ -182,7 +182,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud" name: "opendesk-nextcloud"
version: "3.2.0" version: "3.3.4"
verify: true verify: true
nextcloudManagement: nextcloudManagement:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -192,7 +192,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud-management" name: "opendesk-nextcloud-management"
version: "3.2.0" version: "3.3.4"
verify: true verify: true
nginx: nginx:
# providerCategory: "Community" # providerCategory: "Community"

24
helmfile/environments/default/images.yaml
View File

@@ -178,14 +178,14 @@ images:
registry: "registry-1.docker.io" registry: "registry-1.docker.io"
repository: "bitnami/minio" repository: "bitnami/minio"
tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7" tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
nextcloudApache2: nextcloud:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de" # upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
tag: "1.2.2@sha256:c8d12747649ca4c686f75f6318f2b10e324260678214a04332a21e591ed80735" tag: "2.2.0@sha256:a7ba27a7a8df4afae1937898ae64dbae6181629295bcb6b9bbd39fd9b8c25903"
nextcloudExporter: nextcloudExporter:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -194,22 +194,6 @@ images:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-exporter" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-exporter"
tag: "1.0.1@sha256:63e63c7420e37d3989fa0ffdbcf18a07b2a603ab9b2a849c2e7e44342dd82af0" tag: "1.0.1@sha256:63e63c7420e37d3989fa0ffdbcf18a07b2a603ab9b2a849c2e7e44342dd82af0"
nextcloudManagement:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
tag: "1.6.3@sha256:e048bccfb166bebf2ff97a3b7a473631c17893e544f549534a7e329abdaa772a"
nextcloudPHP:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
tag: "1.12.3@sha256:72e574b5862bb0bd6798754931bc9a5d1092d802c14cb69e40fa5f3b23ba9674"
nubusDataLoader: nubusDataLoader:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"

4
helmfile/environments/default/replicas.yaml
View File

@@ -148,11 +148,9 @@ replicas:
# -- component: Filestore (Nextcloud) # -- component: Filestore (Nextcloud)
# -- scalable: true # -- scalable: true
nextcloudApache2: 1 nextcloud: 1
# -- scalable: true # -- scalable: true
nextcloudExporter: 1 nextcloudExporter: 1
# -- scalable: true
nextcloudPHP: 1
# -- component: Project management (OpenProject) # -- component: Project management (OpenProject)
# -- scalable: true # -- scalable: true

13
helmfile/environments/default/resources.yaml
View File

@@ -204,13 +204,13 @@ resources:
requests: requests:
cpu: 0.25 cpu: 0.25
memory: "256Mi" memory: "256Mi"
nextcloudApache2: nextcloud:
limits: limits:
cpu: 99 cpu: 99
memory: "256Mi" memory: "1Gi"
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "128Mi" memory: "512Mi"
nextcloudExporter: nextcloudExporter:
limits: limits:
cpu: 99 cpu: 99
@@ -218,13 +218,6 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "32Mi" memory: "32Mi"
nextcloudPHP:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
openproject: openproject:
limits: limits:
cpu: 99 cpu: 99

3
helmfile/environments/default/selinux.yaml
View File

@@ -34,10 +34,9 @@ seLinuxOptions:
migrations: ~ migrations: ~
milter: ~ milter: ~
minio: ~ minio: ~
nextcloudApache2: ~ nextcloud: ~
nextcloudExporter: ~ nextcloudExporter: ~
nextcloudManagement: ~ nextcloudManagement: ~
nextcloudPHP: ~
opendeskKeycloakBootstrap: ~ opendeskKeycloakBootstrap: ~
openproject: ~ openproject: ~
openprojectBootstrap: ~ openprojectBootstrap: ~