using kustomization for deploy

2025-12-31 20:27:59 +00:00
parent 3e5ba0ccfa
commit 84111b37ce
14 changed files with 55 additions and 156 deletions


@@ -0,0 +1,129 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup
namespace: cloud-limbosolutions-com
spec:
schedule: "0 2 * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
initContainers:
- name: mariadb-client
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
image: alpine/mysql
command: ["sh", "-c"]
args:
- |
set -e
mkdir -p /data/mariadb-export
echo "TRACE: Exporting database"
#mysqldump --column-statistics=0 -u ${MYSQL_USER} -h ${MYSQL_HOST} ${MYSQL_DB} > /data/mariadb-export/backup.sql
mysqldump -u ${MYSQL_USER} -h ${MYSQL_HOST} ${MYSQL_DB} > /data/mariadb-export/backup.sql
echo "TRACE: Exporting database finished"
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-username
- name: MYSQL_PWD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-password
- name: MYSQL_DB
valueFrom:
secretKeyRef:
name: backup-secret
key: DB_NAME
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: backup-secret
key: DB_HOST
volumeMounts:
- name: backup-var
mountPath: /data/mariadb-export
subPath: mariadb-export
containers:
- name: gitea-pbs-client
image: git.limbosolutions.com/kb/pbsclient
env:
- name: MODE
value: shell
- name: PBS_REPOSITORY
valueFrom:
secretKeyRef:
name: backup-secret
key: PBS_REPOSITORY
- name: PBS_PASSWORD
valueFrom:
secretKeyRef:
name: backup-secret
key: PBS_PASSWORD
- name: PBS_FINGERPRINT
valueFrom:
secretKeyRef:
name: backup-secret
key: PBS_FINGERPRINT
command: ["bash", "-c"]
args:
- |
set -e
SCRIPT_START_TIME=$(date +%s)
proxmox-backup-client backup nextcloud-html.pxar:/data/nextcloud-html nextcloud-data.pxar:/data/nextcloud-data mariadb-data.pxar:/data/mariadb-data mariadb-export.pxar:/data/mariadb-export --include-dev /data/nextcloud-html --include-dev /data/nextcloud-data --include-dev /data/mariadb-data --include-dev /data/mariadb-export --backup-id "nextcloud-full" -ns cloud.limbosolutions.com && \
SCRIPT_DURATION=$(($(date +%s) - SCRIPT_START_TIME)) && \
echo "INFO: Finished Backup of cloud.limbosolutions.com ($((SCRIPT_DURATION / 60 / 60)):$((SCRIPT_DURATION / 60)):$((SCRIPT_DURATION % 60)))"
volumeMounts:
- name: nextcloud-html
mountPath: /data/nextcloud-html
- name: nextcloud-data
mountPath: /data/nextcloud-data
- name: db-data
mountPath: /data/mariadb-data
- name: backup-var
mountPath: /tmp
subPath: tmp
- name: backup-var
mountPath: /data/mariadb-export
subPath: mariadb-export
volumes:
- name: nextcloud-html
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- name: nextcloud-data
persistentVolumeClaim:
claimName: nextcloud-nextcloud-data
- name: db-data
persistentVolumeClaim:
claimName: data-nextcloud-mariadb-0
- name: backup-var
emptyDir: {}
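Review bot: Both containers pull untagged images (`image: alpine/mysql` and `image: git.limbosolutions.com/kb/pbsclient`), so whatever `latest` resolves to at 02:00 runs with the database password and the PBS credentials in its environment. Pin each to a tag and digest, e.g. `image: alpine/mysql:<tag>@sha256:<digest>`. The backup container also mounts the three application PVCs read-write although the visible command only reads from them; adding `readOnly: true` to the `nextcloud-html`, `nextcloud-data` and `db-data` volumeMounts keeps a faulty or compromised backup image from altering live data. Separately, the minutes field in the final `echo` prints `SCRIPT_DURATION / 60` without `% 60`, so it keeps counting past 59.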


@@ -0,0 +1,112 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mf-documents-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: mf-documents-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: media-music-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: media-music-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: media-videos-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: media-videos-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2000Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: media-gaming-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: media-gaming-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: itstorage-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: itstorage-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1000Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mf-photos-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: mf-photos-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mf-nexcloud-storage-limbosolutions-com
namespace: cloud-limbosolutions-com
spec:
storageClassName: "" # isto tem mesmo de ficar senão não funciona não sei pq.. tem de ficar ""
volumeName: mf-nexcloud-storage-limbosolutions-com
accessModes:
- ReadWriteMany
resources:
requests:
storage: 64Gi
---
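Review bot: The inline comment on each `storageClassName: ""` line is in Portuguese and says only that the value must stay or things stop working for an unknown reason, which invites a later cleanup to delete it. The empty string is what keeps a default StorageClass from being applied to the claim, so it binds to the pre-created PersistentVolume named in `volumeName` instead of going through dynamic provisioning. I would replace the comment with `# "" opts out of the default StorageClass so the claim binds statically to the PV in volumeName`. The file also ends with a bare `---`, which leaves an empty trailing document.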


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: backup-secret
namespace: cloud-limbosolutions-com
data:
PBS_REPOSITORY: ${PBS_REPOSITORY}
PBS_PASSWORD: ${PBS_PASSWORD}
PBS_FINGERPRINT: ${PBS_FINGERPRINT}
DB_NAME: ${DB_NAME}
DB_HOST: ${DB_HOST}
# get sql client user and password from nextcloud secret
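Review bot: The values sit under `data:`, which the API server expects to be base64-encoded, so whatever fills `${PBS_PASSWORD}` and the other placeholders must already be encoded or the apply is rejected; `stringData:` accepts the plain values. Nothing visible in this commit performs the `${...}` substitution, and kustomize does not expand environment variables in resource files. A header comment should state which tool renders this template and that the rendered output must never be committed. The `secretGenerator` with `envs:` used for `gitea-backup` in the kustomization shown on this page would cover the same need without a hand-written Secret.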


@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cronjobs/backups/backup-borg-offsite-cronjob.yaml
- cronjobs/backups/backup-pbs-cronjob.yaml
secretGenerator:
- name: gitea-backup
namespace: git-limbosolutions-com
envs:
- cronjobs/backups/.env.d/secrets
files:
- BORG_KEY=cronjobs/backups/.env.d/borg_key
- SSH_ID_RSA=cronjobs/backups/.env.d/id_rsa
generatorOptions:
disableNameSuffixHash: true
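Review bot: The generator reads `cronjobs/backups/.env.d/secrets`, `borg_key` and `id_rsa` from the working tree, yet the only ignore rule added in this commit is `**.local**.yaml` under `deploy/helm`. Unless `.env.d/` is ignored somewhere not shown here, a Borg key and an SSH private key can be committed by an ordinary `git add`. I would add an ignore rule such as `.env.d/` next to this file and a comment saying where those files are provisioned from. The secret name and namespace (`gitea-backup`, `git-limbosolutions-com`) also differ from the `cloud-limbosolutions-com` resources in the rest of the commit, which may be a leftover from another deployment and is worth confirming.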

1
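--- a/deploy/helm/.gitignore
+++ b/deploy/helm/.gitignore
@@ -0,0 +1 @@
+**.local**.yaml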

191
deploy/helm/values.yaml Normal file

@@ -0,0 +1,191 @@
image:
repository: nextcloud
flavor: apache
tag:
pullPolicy: Always
replicaCount: 1
internalDatabase:
enabled: false
externalDatabase:
enabled: type
type: mysql
mariadb:
enabled: true
architecture: standalone
primary:
persistence:
enabled: true
existingClaim: ""
storageClass: ""
accessMode: ReadWriteOnce
size: 8Gi
service:
type: ClusterIP
port: 8080
loadBalancerIP: ""
nodePort:
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 8Gi
nextcloudData:
enabled: true
subPath:
annotations: {}
accessMode: ReadWriteOnce
size: 8Gi
resources:
limits:
cpu: "1"
memory: 3000Mi
requests:
cpu: "0.5"
memory: 512Mi
## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
##
cronjob:
enabled: true
## Cronjob sidecar resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
# postStartCommand: []
# preStopCommand: []
# Set securityContext parameters. For example, you may need to define runAsNonRoot directive
securityContext: {}
# runAsUser: 33
# runAsGroup: 33
# runAsNonRoot: true
# readOnlyRootFilesystem: true
# The command the cronjob container executes.
command:
- /cron.sh
nextcloud:
extraVolumes:
- name: mf-documents
persistentVolumeClaim:
claimName: mf-documents-storage-limbosolutions-com
- name: mf-photos
persistentVolumeClaim:
claimName: mf-photos-storage-limbosolutions-com
- name: media-gaming
persistentVolumeClaim:
claimName: media-gaming-storage-limbosolutions-com
- name: media-music
persistentVolumeClaim:
claimName: media-music-storage-limbosolutions-com
- name: media-videos
persistentVolumeClaim:
claimName: media-videos-storage-limbosolutions-com
- name: it-storage
persistentVolumeClaim:
claimName: itstorage-storage-limbosolutions-com
- name: mf-nexcloud
persistentVolumeClaim:
claimName: mf-nexcloud-storage-limbosolutions-com
extraVolumeMounts:
- name: mf-nexcloud
mountPath: /var/www/html/data/marcio.fernandes/files
- name: mf-documents
mountPath: /var/www/html/data/marcio.fernandes/files/Documents
- name: mf-photos
mountPath: /var/www/html/data/marcio.fernandes/files/Photos
- name: media-gaming
mountPath: /var/www/html/data/marcio.fernandes/files/Gaming
- name: media-music
mountPath: /var/www/html/data/marcio.fernandes/files/Music
- name: media-videos
mountPath: /var/www/html/data/marcio.fernandes/files/Videos
- name: it-storage
mountPath: /var/www/html/data/marcio.fernandes/files/NeirdStorage
configs:
https.config.php: |-
<?php
$CONFIG = array (
'overwritehost' => 'cloud.limbosolutions.com',
'overwrite.cli.url' => 'https://cloud.limbosolutions.com',
'overwriteprotocol' => 'https',
'trusted_proxies' => array ( 0 => '127.0.0.1', 1 => '::1', 2 => '10.0.0.0'),
);
# A value of 1 e.g. will only run these background jobs between 01:00am UTC and 05:00am UTC:
# https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
maintenance.config.php: |-
<?php
$CONFIG = array (
'maintenance_window_start' => 1,
);
# nextcloud:
# configs:
# logging.config.php: |-
# <?php
# $CONFIG = array (
# 'log_type' => 'file',
# 'logfile' => 'nextcloud.log',
# 'loglevel' => 0,
# 'logdateformat' => 'F d, Y H:i:s'
# );
ingress:
enabled: true
className: traefik
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure,public-https
# traefik.public-https.redirect.permanent: 'true'
# traefik.public-https.redirect.regex: 'https://(.*)/.well-known/(?:card|cal)dav'
# traefik.public-https.redirect.replacement: 'https://$$1/remote.php/dav'
# traefik.public-https.headers.STSPreload: 'true'
# traefik.public-https.headers.STSSeconds: '15552000'
# traefik.public-https.routers.nextcloud.middlewares: 'nextcloudHeader'
# traefik.web-secure.routers.nextcloud.middlewares: 'nextcloudHeader'
# traefik.websecure.headers.STSPreload: 'true'
# traefik.websecure.headers.STSSeconds: '15552000'
# traefik.websecure.redirect.permanent: 'true'
# traefik.websecure.redirect.regex: 'https://(.*)/.well-known/(?:card|cal)dav'
# traefik.websecure.redirect.replacement: 'https://$$1/remote.php/dav'
# hosts:
# - host: cloud.limbosolutions.com
# paths:
# - path: /
# pathType: Prefix
tls:
- secretName: cloud-limbosolutions-com-secret-tls
hosts:
- "cloud.limbosolutions.com"
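Review bot: In `https.config.php`, `trusted_proxies` lists `'10.0.0.0'`, which is a single address rather than a network, so the ingress proxy's real address is probably not covered. If a range was intended it needs CIDR notation, and it is better narrowed to the subnet the Traefik pods use than widened to all of `10.0.0.0/8`, because every trusted proxy may set the client IP that Nextcloud uses for logging and brute-force throttling. `externalDatabase.enabled: type` looks like a typo for a boolean and should presumably read `true` or `false`, depending on how the chart wires the bundled `mariadb`. `image.tag:` is left empty alongside `pullPolicy: Always`, so the deployed Nextcloud version is whatever the chart defaults to at install time; an explicit quoted tag would make upgrades deliberate.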


@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: cloud-limbosolutions-com
labels:
name: cloud-limbosolutions-com
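Review bot: The namespace carries no Pod Security Admission labels, so pods here, including the backup job that holds database and PBS credentials, are admitted under whatever the cluster default is. Consider adding `pod-security.kubernetes.io/enforce: baseline` under `labels:`, with `pod-security.kubernetes.io/warn: restricted` to surface what a stricter level would require. The `name:` label duplicates the `kubernetes.io/metadata.name` label that Kubernetes sets on every namespace, so it can be dropped unless a selector elsewhere depends on it.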