nextcloud configuration

kustomize/base/nextcloud/kustomization.yaml

@@ -1,4 +1,15 @@
 resources:
   - namespace.yaml
+  - nextcloud-deployment.yaml
+  - nextcloud-cronjob.yaml
+  - mariadb-deployment.yaml
+
+secretGenerator:
+  - name: mariadb-credentials-secret
+    type: Opaque
+    literals:
+      - database=nextcloud
+      - username=nextcloud
+      - password=replaceme
 
 namespace: nextcloud

kustomize/base/nextcloud/mariadb-deployment.yaml

@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mariadb-deployment
+spec:
+  selector:
+    matchLabels:
+      app: mariadb
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mariadb
+    spec:
+      containers:
+        - name: mariadb
+          image: mariadb:10.5.2
+          env:
+            - name: MYSQL_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: database
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: username
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: password
+            - name: MYSQL_RANDOM_ROOT_PASSWORD
+              value: "yes"
+          ports:
+            - name: mariadb
+              containerPort: 3306
+          volumeMounts:
+            - name: mariadb-pvc
+              mountPath: /var/lib/mysql
+      volumes:
+        - name: mariadb-pvc
+          persistentVolumeClaim:
+            claimName: mariadb-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-pvc
+  labels:
+    app: mariadb
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb
+  labels:
+    app: mariadb
+spec:
+  selector:
+    app: mariadb
+  ports:
+    - name: mariadb
+      port: 3306

kustomize/base/nextcloud/namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: gitea
+  name: nextcloud

kustomize/base/nextcloud/nextcloud-cronjob.yaml

@@ -0,0 +1,28 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: nextcloud-cronjob
+spec:
+  schedule: "*/15 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: nextcloud
+              image: nextcloud:18.0.4
+              securityContext:
+                runAsUser: 33
+                runAsGroup: 33
+              volumeMounts:
+                - name: nextcloud-pvc
+                  mountPath: /var/www/html
+              command:
+                - php
+                - -f
+                - /var/www/html/cron.php
+          volumes:
+            - name: nextcloud-pvc
+              persistentVolumeClaim:
+                claimName: nextcloud-pvc

kustomize/base/nextcloud/nextcloud-deployment.yaml

@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud-deployment
+  labels:
+    app: nextcloud
+spec:
+  selector:
+    matchLabels:
+      app: nextcloud
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+    spec:
+      containers:
+        - name: nextcloud
+          image: nextcloud:18.0.4
+          env:
+            - name: TRUSTED_PROXIES
+              value: 10.0.0.0/8
+            - name: MYSQL_HOST
+              value: mariadb.nextcloud.svc:3306
+            - name: MYSQL_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: database
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: username
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-credentials-secret
+                  key: password
+          ports:
+            - name: http
+              containerPort: 80
+          volumeMounts:
+            - name: nextcloud-pvc
+              mountPath: /var/www/html
+      volumes:
+        - name: nextcloud-pvc
+          persistentVolumeClaim:
+            claimName: nextcloud-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-pvc
+  labels:
+    app: nextcloud
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+spec:
+  selector:
+    app: nextcloud
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: http
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: nextcloud-ingress
+  labels:
+    app: nextcloud
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  rules:
+  - host: nextcloud.127.0.0.1.nip.io
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: nextcloud
+          servicePort: http

kustomize/environment/dev/kustomization.yaml

@@ -2,6 +2,7 @@ bases:
   - ../../base/ingress-controller
   - ../../base/kubernetes-dashboard
   - ../../base/gitea
+  - ../../base/nextcloud
 
 # secretGenerator:
 #   - name: drone-gitea-oauth-secret