
reconfigure nextcloud

Massaki Archambault 2021-08-27 00:57:25 -04:00
parent f90e1bb0b5
commit bc434ff3b5
16 changed files with 200 additions and 122 deletions

2
.gitignore vendored

@ -38,3 +38,5 @@ tags
.env .env
kubectl/ kubectl/
build/ build/
.nfs/
!.gitkeep


@ -1,8 +0,0 @@
CREATE USER gitea WITH PASSWORD 'changeme';
CREATE DATABASE gitea WITH OWNER gitea;
CREATE USER grafana WITH password 'changeme';
CREATE DATABASE grafana WITH OWNER grafana;
CREATE USER nextcloud WITH PASSWORD 'changeme';
CREATE DATABASE nextcloud WITH OWNER nextcloud;


@ -21,7 +21,7 @@ spec:
image: drone/drone-runner-kube image: drone/drone-runner-kube
env: env:
- name: DRONE_RPC_HOST - name: DRONE_RPC_HOST
value: drone.gitea.svc value: drone.gitea.svc.cluster.local
- name: DRONE_RPC_PROTO - name: DRONE_RPC_PROTO
value: http value: http
- name: DRONE_RPC_SECRET - name: DRONE_RPC_SECRET


@ -3,5 +3,5 @@ datasources:
- name: prometheus - name: prometheus
type: prometheus type: prometheus
access: proxy access: proxy
url: http://prometheus-operated.monitoring.svc:9090 url: http://prometheus-operated.monitoring.svc.cluster.local:9090
is_default: true is_default: true


@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${NEXTCLOUD_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${NEXTCLOUD_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: nextcloud
servicePort: http


@ -1,14 +1,7 @@
bases:
- ../postgres
resources: resources:
- nextcloud-deployment.yaml - nextcloud-deployment.yaml
- nextcloud-cronjob.yaml - nextcloud-cronjob.yaml
- ingress.yaml - nextcloud-ingress.yaml
secretGenerator:
- name: postgres-credentials-secret
type: Opaque
behavior: create
literals:
- host=172.18.1.2:5432
- database=nextcloud
- username=nextcloud
- password=changeme


@ -1,9 +1,10 @@
apiVersion: batch/v1beta1 apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
name: nextcloud-cronjob name: nextcloud-cronjob
spec: spec:
schedule: "*/15 * * * *" schedule: "*/5 * * * *"
concurrencyPolicy: Forbid
jobTemplate: jobTemplate:
spec: spec:
template: template:
@ -11,18 +12,18 @@ spec:
restartPolicy: OnFailure restartPolicy: OnFailure
containers: containers:
- name: nextcloud - name: nextcloud
image: nextcloud:18.0.4 image: nextcloud
securityContext: securityContext:
runAsUser: 33 runAsUser: 33
runAsGroup: 33 runAsGroup: 33
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/html
command: command:
- php - php
- -f - -f
- /var/www/html/cron.php - /var/www/html/cron.php
volumeMounts:
- name: nextcloud-pv
mountPath: /var/www/html
volumes: volumes:
- name: nextcloud-data - name: nextcloud-pv
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-data claimName: nextcloud-pvc
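Review bot: `image: nextcloud` in the container spec no longer carries a tag, so this base resolves to `latest` unless an overlay's `images:` entry rewrites it. The same applies to `image: nextcloud` in the Deployment and `image: postgres` in the new StatefulSet; the only pins visible in this commit are the overlay's `newtag: 22.1.0` and `newtag: 9.6.23`. Rendering or applying the base on its own would pull an unreviewed image, and the cron job could then run a different Nextcloud release than the one that owns the data directory. I would either keep a default tag in the base or add a comment above the line such as `# tag is set by the overlay's images: transformer; do not apply this base directly`.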


@ -5,6 +5,9 @@ metadata:
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
spec: spec:
replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
@ -15,16 +18,17 @@ spec:
spec: spec:
containers: containers:
- name: nextcloud - name: nextcloud
image: nextcloud:19.0.2 image: nextcloud
env: env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: TRUSTED_PROXIES - name: TRUSTED_PROXIES
value: 10.0.0.0/8 value: 10.0.0.0/8
- name: POSTGRES_HOST - name: POSTGRES_HOST
valueFrom: value: postgres.$(NAMESPACE).svc.cluster.local
secretKeyRef: - name: POSTGRES_DB
name: postgres-credentials-secret
key: host
- name: POSTGRES_DATABASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials-secret
@ -42,46 +46,31 @@ spec:
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
resources:
requests:
cpu: 750m
memory: 75Mi
limits:
cpu: 1000m
memory: 1Gi
volumeMounts: volumeMounts:
- name: nextcloud-data - name: nextcloud-pv
mountPath: /var/www/html mountPath: /var/www/html
volumes: volumes:
- name: nextcloud-data - name: nextcloud-pv
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-data claimName: nextcloud-pvc
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nextcloud-data-nfs
labels:
app.kubernetes.io/name: nextcloud
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 100Mi
nfs:
server: nfs-localhost
path: /nextcloud
mountOptions: ["vers=4"]
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: nextcloud-data name: nextcloud-pvc
labels:
app.kubernetes.io/name: nextcloud
spec: spec:
storageClassName: ""
accessModes: accessModes:
- ReadWriteMany - ReadWriteOnce
resources: resources:
requests: requests:
storage: 100Mi storage: 20Gi
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
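Review bot: The claim `nextcloud-pvc` is now `ReadWriteOnce`, yet it is mounted by both this Deployment and the `nextcloud-cronjob` pods. On a cluster with more than one node the cron pod can only start if it lands on the node that already holds the volume; otherwise it may stay pending on the volume attach, and with `concurrencyPolicy: Forbid` later runs are skipped. If the target is always a single-node k3d cluster this is harmless, but that assumption should be stated in a comment next to `accessModes`; otherwise keep `ReadWriteMany` on a storage class that supports it, or add pod affinity to the CronJob. The Service document that starts at the end of this hunk continues outside it.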


@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud
labels:
app.kubernetes.io/name: nextcloud
spec:
rules:
- host: ${NEXTCLOUD_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextcloud
port:
name: http
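Review bot: The new Ingress has no `tls:` section and no `cert-manager.io/cluster-issuer` annotation, both of which the deleted `ingress.yaml` had, so as written Nextcloud logins and session cookies for `${NEXTCLOUD_EXTERNAL_HOST}` would travel over plain HTTP. Unless TLS is terminated in front of the ingress controller or added by a patch not shown here, I would carry over the `tls:` block (`hosts:` listing `${NEXTCLOUD_EXTERNAL_HOST}`, `secretName: letsencrypt-cert`) and the annotation `cert-manager.io/cluster-issuer: letsencrypt`. Dropping `nginx.ingress.kubernetes.io/rewrite-target: /` looks intentional and is fine for a `Prefix` path of `/`.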


@ -0,0 +1,11 @@
resources:
- postgres-statefulset.yaml
secretGenerator:
- name: postgres-credentials-secret
type: Opaque
behavior: create
literals:
- database=changeme
- username=changeme
- password=changeme
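Review bot: The database password is a literal in git: `password=changeme` here, and the overlay hunk that sets `behavior: replace` on `postgres-credentials-secret` overrides it with `password=nextcloud`, identical to the username and database name. Anyone with read access to the repository who can also reach the `postgres` Service on 5432 holds a working credential. The repository already references `transformers/ssm-secrets.yaml` and ignores `.env`, so the value could come from one of those instead, for example `envs: [postgres-credentials.env]` (file name constructed for illustration) with the file kept out of version control. If the base must keep a placeholder, a comment such as `# placeholder, must be replaced by the overlay` would make an accidental deployment with it easier to spot.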


@ -0,0 +1,75 @@
# PostgreSQL StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
labels:
app.kubernetes.io/name: postgres
spec:
serviceName: postgres
selector:
matchLabels:
app.kubernetes.io/name: postgres
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: postgres
spec:
containers:
- name: postgres
image: postgres
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: database
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: password
- name: PGDATA
value: /data/pgdata
ports:
- name: postgres
containerPort: 5432
resources:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 1000m
memory: 4Gi
volumeMounts:
- name: postgres-pvc
mountPath: /data
# Volume Claim
volumeClaimTemplates:
- metadata:
name: postgres-pvc
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: Service
metadata:
name: postgres
labels:
app.kubernetes.io/name: postgres
spec:
selector:
app.kubernetes.io/name: postgres
ports:
- name: postgres
port: 5432
targetPort: postgres
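Review bot: The `postgres` container has no `securityContext`, so the pod runs with the runtime defaults; as far as I know the official image's entrypoint starts as root before dropping to the postgres user, and privilege escalation stays allowed. The Nextcloud CronJob in this commit already sets `runAsUser: 33` / `runAsGroup: 33`, and the database pod deserves the same care. At minimum add a container-level `securityContext:` with `allowPrivilegeEscalation: false`; running as the image's unprivileged user with a matching pod-level `fsGroup` is stronger but needs checking against how the image initialises `PGDATA` on the `/data` volume. The StatefulSet also has no readiness probe, so Nextcloud may try to connect before the server accepts connections.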


@ -1,6 +1,5 @@
bases: bases:
- ../../bases/nextcloud - ../../bases/nextcloud
# - ../../base/postgres
resources: resources:
- namespace.yaml - namespace.yaml


@ -3,7 +3,7 @@ bases:
- ../../namespaces/gitea - ../../namespaces/gitea
- ../../namespaces/grafana - ../../namespaces/grafana
- ../../namespaces/monitoring - ../../namespaces/monitoring
# - ../../namespaces/nextcloud - ../../namespaces/nextcloud
images: images:
- name: gitea/gitea - name: gitea/gitea
@ -14,6 +14,10 @@ images:
newtag: 2.0.6 newtag: 2.0.6
- name: drone/drone-runner-kube - name: drone/drone-runner-kube
newtag: 1.0.0-beta.9 newtag: 1.0.0-beta.9
- name: nextcloud
newtag: 22.1.0
- name: postgres
newtag: 9.6.23
secretGenerator: secretGenerator:
- name: drone-secret - name: drone-secret
@ -30,6 +34,13 @@ secretGenerator:
literals: literals:
- client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692 - client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
- name: postgres-credentials-secret
type: Opaque
behavior: replace
literals:
- database=nextcloud
- username=nextcloud
- password=nextcloud
# allow "kubectl apply -l managed-by=kustomize --prune ..." # allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels: commonlabels:
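Review bot: `newtag: 9.6.23` under `images:` pins the new in-cluster database to the PostgreSQL 9.6 branch, which reached upstream end of life in November 2021, so this deployment stops receiving security fixes almost as soon as it is created. Since the StatefulSet starts from an empty volume in this commit, now is the cheapest moment to choose a supported major release; later a major upgrade needs a dump and restore or `pg_upgrade`, because the data under `/data/pgdata` is not compatible across majors. Check the chosen major against what Nextcloud `22.1.0` supports. A comment beside the pin, for example `# major version: upgrade requires dump/restore`, would record that constraint.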


@ -38,3 +38,9 @@ transformers:
- transformers/placeholders.yaml - transformers/placeholders.yaml
- transformers/ssm-secrets.yaml - transformers/ssm-secrets.yaml
# patchesJson6902:
# - target:
# version: v1
# kind: Deployment
# name: nextcloud
# path: patches/nextcloud-deployment-patch.yaml


@ -0,0 +1,12 @@
- op: add
path: /spec/template/spec/containers/0/volumeMounts/0
value:
name: nextcloud-data-nfs
mountPath: /data
- op: add
path: /spec/template/spec/volumes/0
value:
name: nextcloud-data-nfs
nfs:
server: 172.31.0.10
path: /data


@ -38,48 +38,39 @@ if ! docker ps -a | grep registry-localhost &>/dev/null; then
docker run -d \ docker run -d \
--name registry-localhost \ --name registry-localhost \
--net "k3d-$cluster_name" \ --net "k3d-$cluster_name" \
--ip 172.18.1.1 \
--volume local_registry:/var/lib/registry \ --volume local_registry:/var/lib/registry \
--restart always \ --restart always \
-p 5000:5000 \ -p 5000:5000 \
registry:2 registry:2
fi fi
# local postgres database
if ! docker ps -a | grep postgres-localhost &>/dev/null; then
docker volume create local_postgres
docker run -d \
--name postgres-localhost \
--net "k3d-$cluster_name" \
--ip 172.18.1.2 \
--volume local_postgres:/var/lib/postgresql/data \
--volume "$PWD/.postgres/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql:ro" \
--restart always \
--env POSTGRES_PASSWORD=changeme \
-p 5432:5432 \
postgres:9.6
sleep 10
fi
# local nfs server # local nfs server
if ! docker ps -a | grep nfs-localhost &>/dev/null; then # if ! docker ps -a | grep nfs-localhost &>/dev/null; then
docker volume create local_nfs # docker volume create local_nfs
docker run -d \ # docker run -d \
--name nfs-localhost \ # --name nfs-localhost \
--net "k3d-$cluster_name" \ # --net "k3d-$cluster_name" \
--ip 172.18.1.3 \ # --ip 172.31.0.10 \
--volume nfs_local:/data \ # --volume "$PWD/.nfs/nextcould:/data/nextcloud" \
--volume /lib/modules:/lib/modules:ro \ # --volume /lib/modules:/lib/modules:ro \
--restart always \ # --restart always \
--cap-add SYS_ADMIN \ # --cap-add SYS_ADMIN \
--cap-add SYS_MODULE \ # --cap-add SYS_MODULE \
--env NFS_EXPORT_0='/data *(rw,async,insecure,no_subtree_check,no_root_squash,fsid=0)' \ # --env NFS_EXPORT_0='/data *(rw,sync,insecure,no_subtree_check,no_root_squash,fsid=0)' \
--env NFS_DISABLE_VERSION_3=YES \ # --env NFS_LOG_LEVEL=DEBUG \
--env NFS_LOG_LEVEL=DEBUG \ # -p 2049:2049 \
-p 2049:2049 \ # erichough/nfs-server:2.2.1
erichough/nfs-server:2.2.1 # sleep 10
sleep 10 # fi
fi # sudo modprobe netfs
# sudo modprobe fscache
# sudo modprobe sunrpc
# sudo modprobe grace
# sudo modprobe lockd
# sudo modprobe nfs
# sudo modprobe nfs_acl
# sudo modprobe auth_rpcgss
# sudo modprobe nfsd
# k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null # k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null
# kubectl apply -f "$auto_deploy_manifest" # kubectl apply -f "$auto_deploy_manifest"