reconfigure nextcloud

2021-08-27 00:57:25 -04:00 · 2021-08-27 00:57:25 -04:00 · bc434ff3b5
parent f90e1bb0b5
commit bc434ff3b5
16 changed files with 200 additions and 122 deletions
--- a/.gitignore
+++ b/.gitignore
@ -38,3 +38,5 @@ tags
 .env
 kubectl/
 build/
+.nfs/
+!.gitkeep
--- a/.postgres/initdb.sql
+++ b/.postgres/initdb.sql
@ -1,8 +0,0 @@
-CREATE USER gitea WITH PASSWORD 'changeme';
-CREATE DATABASE gitea WITH OWNER gitea;
-
-CREATE USER grafana WITH password 'changeme';
-CREATE DATABASE grafana WITH OWNER grafana;
-
-CREATE USER nextcloud WITH PASSWORD 'changeme';
-CREATE DATABASE nextcloud WITH OWNER nextcloud;
--- a/kustomize/bases/drone/drone-runner-deployment.yaml
+++ b/kustomize/bases/drone/drone-runner-deployment.yaml
@ -21,7 +21,7 @@ spec:
          image: drone/drone-runner-kube
          env:
            - name: DRONE_RPC_HOST
-              value: drone.gitea.svc
+              value: drone.gitea.svc.cluster.local
            - name: DRONE_RPC_PROTO
              value: http
            - name: DRONE_RPC_SECRET
--- a/kustomize/bases/grafana/provision/datasources.yaml
+++ b/kustomize/bases/grafana/provision/datasources.yaml
@ -3,5 +3,5 @@ datasources:
  - name: prometheus
    type: prometheus
    access: proxy
-    url: http://prometheus-operated.monitoring.svc:9090
+    url: http://prometheus-operated.monitoring.svc.cluster.local:9090
    is_default: true
--- a/kustomize/bases/nextcloud/ingress.yaml
+++ b/kustomize/bases/nextcloud/ingress.yaml
@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: nextcloud
-  labels:
-    app.kubernetes.io/name: nextcloud
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts:
-        - ${NEXTCLOUD_EXTERNAL_HOST}
-      secretName: letsencrypt-cert
-  rules:
-  - host: ${NEXTCLOUD_EXTERNAL_HOST}
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: nextcloud
-          servicePort: http
--- a/kustomize/bases/nextcloud/kustomization.yaml
+++ b/kustomize/bases/nextcloud/kustomization.yaml
@ -1,14 +1,7 @@
+bases:
+  - ../postgres
+
 resources:
  - nextcloud-deployment.yaml
  - nextcloud-cronjob.yaml
-  - ingress.yaml
-
-secretGenerator:
-  - name: postgres-credentials-secret
-    type: Opaque
-    behavior: create
-    literals:
-      - host=172.18.1.2:5432
-      - database=nextcloud
-      - username=nextcloud
-      - password=changeme
+  - nextcloud-ingress.yaml
--- a/kustomize/bases/nextcloud/nextcloud-cronjob.yaml
+++ b/kustomize/bases/nextcloud/nextcloud-cronjob.yaml
@ -1,9 +1,10 @@
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: nextcloud-cronjob
 spec:
-  schedule: "*/15 * * * *"
+  schedule: "*/5 * * * *"
+  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
@ -11,18 +12,18 @@ spec:
          restartPolicy: OnFailure
          containers:
            - name: nextcloud
-              image: nextcloud:18.0.4
+              image: nextcloud
              securityContext:
                runAsUser: 33
                runAsGroup: 33
-              volumeMounts:
-                - name: nextcloud-data
-                  mountPath: /var/www/html
              command:
                - php
                - -f
                - /var/www/html/cron.php
+              volumeMounts:
+                - name: nextcloud-pv
+                  mountPath: /var/www/html
          volumes:
-            - name: nextcloud-data
+            - name: nextcloud-pv
              persistentVolumeClaim:
-                claimName: nextcloud-data
+                claimName: nextcloud-pvc
--- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml
+++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml
@ -5,6 +5,9 @@ metadata:
  labels:
    app.kubernetes.io/name: nextcloud
 spec:
+  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: nextcloud
@ -15,16 +18,17 @@ spec:
    spec:
      containers:
        - name: nextcloud
-          image: nextcloud:19.0.2
+          image: nextcloud
          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
            - name: TRUSTED_PROXIES
              value: 10.0.0.0/8
            - name: POSTGRES_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-credentials-secret
-                  key: host
-            - name: POSTGRES_DATABASE
+              value: postgres.$(NAMESPACE).svc.cluster.local
+            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials-secret
@ -42,46 +46,31 @@ spec:
          ports:
            - name: http
              containerPort: 80
+          resources:
+            requests:
+              cpu: 750m
+              memory: 75Mi
+            limits:
+              cpu: 1000m
+              memory: 1Gi
          volumeMounts:
-            - name: nextcloud-data
+            - name: nextcloud-pv
              mountPath: /var/www/html
      volumes:
-        - name: nextcloud-data
+        - name: nextcloud-pv
          persistentVolumeClaim:
-            claimName: nextcloud-data
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: nextcloud-data-nfs
-  labels:
-    app.kubernetes.io/name: nextcloud
-spec:
-  accessModes:
-    - ReadWriteMany
-  capacity:
-    storage: 100Mi
-  nfs:
-    server: nfs-localhost
-    path: /nextcloud
-  mountOptions: ["vers=4"]
+            claimName: nextcloud-pvc
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: nextcloud-data
-  labels:
-    app.kubernetes.io/name: nextcloud
+  name: nextcloud-pvc
 spec:
-  storageClassName: ""
  accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
  resources:
    requests:
-      storage: 100Mi
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: nextcloud
+      storage: 20Gi
 ---
 apiVersion: v1
 kind: Service
--- a/kustomize/bases/nextcloud/nextcloud-ingress.yaml
+++ b/kustomize/bases/nextcloud/nextcloud-ingress.yaml
@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud
+  labels:
+    app.kubernetes.io/name: nextcloud
+spec:
+  rules:
+  - host: ${NEXTCLOUD_EXTERNAL_HOST}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nextcloud
+            port:
+              name: http
--- a/kustomize/bases/postgres/kustomization.yaml
+++ b/kustomize/bases/postgres/kustomization.yaml
@ -0,0 +1,11 @@
+resources:
+  - postgres-statefulset.yaml
+
+secretGenerator:
+  - name: postgres-credentials-secret
+    type: Opaque
+    behavior: create
+    literals:
+      - database=changeme
+      - username=changeme
+      - password=changeme
--- a/kustomize/bases/postgres/postgres-statefulset.yaml
+++ b/kustomize/bases/postgres/postgres-statefulset.yaml
@ -0,0 +1,75 @@
+# PostgreSQL StatefulSet
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  labels:
+    app.kubernetes.io/name: postgres
+spec:
+  serviceName: postgres
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postgres
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres
+          env:
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials-secret
+                  key: database
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials-secret
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials-secret
+                  key: password
+            - name: PGDATA
+              value: /data/pgdata
+          ports:
+            - name: postgres
+              containerPort: 5432
+          resources:
+            requests:
+              cpu: 500m
+              memory: 2Gi
+            limits:
+              cpu: 1000m
+              memory: 4Gi
+          volumeMounts:
+            - name: postgres-pvc
+              mountPath: /data
+  # Volume Claim
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-pvc
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  labels:
+    app.kubernetes.io/name: postgres
+spec:
+  selector:
+    app.kubernetes.io/name: postgres
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: postgres
--- a/kustomize/namespaces/nextcloud/kustomization.yaml
+++ b/kustomize/namespaces/nextcloud/kustomization.yaml
@ -1,6 +1,5 @@
 bases:
  - ../../bases/nextcloud
-  # - ../../base/postgres

 resources:
  - namespace.yaml
--- a/kustomize/overlays/dev/kustomization.yaml
+++ b/kustomize/overlays/dev/kustomization.yaml
@ -3,7 +3,7 @@ bases:
  - ../../namespaces/gitea
  - ../../namespaces/grafana
  - ../../namespaces/monitoring
-  # - ../../namespaces/nextcloud
+  - ../../namespaces/nextcloud

 images:
  - name: gitea/gitea
@ -14,6 +14,10 @@ images:
    newtag: 2.0.6
  - name: drone/drone-runner-kube
    newtag: 1.0.0-beta.9
+  - name: nextcloud
+    newtag: 22.1.0
+  - name: postgres
+    newtag: 9.6.23

 secretGenerator:
  - name: drone-secret
@ -30,6 +34,13 @@ secretGenerator:
    literals:
      - client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
      - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
+  - name: postgres-credentials-secret
+    type: Opaque
+    behavior: replace
+    literals:
+      - database=nextcloud
+      - username=nextcloud
+      - password=nextcloud

 # allow "kubectl apply -l managed-by=kustomize --prune ..."
 commonlabels:
--- a/kustomize/overlays/prod/kustomization.yaml
+++ b/kustomize/overlays/prod/kustomization.yaml
@ -38,3 +38,9 @@ transformers:
  - transformers/placeholders.yaml
  - transformers/ssm-secrets.yaml

+# patchesJson6902:
+#   - target: 
+#       version: v1
+#       kind: Deployment
+#       name: nextcloud
+#     path: patches/nextcloud-deployment-patch.yaml
--- a/kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml
+++ b/kustomize/overlays/prod/patches/nextcloud-deployment-patch.yaml
@ -0,0 +1,12 @@
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/0
+  value:
+    name: nextcloud-data-nfs
+    mountPath: /data
+- op: add
+  path: /spec/template/spec/volumes/0
+  value:
+    name: nextcloud-data-nfs
+    nfs:
+      server: 172.31.0.10
+      path: /data
--- a/setup-dev-cluster.sh
+++ b/setup-dev-cluster.sh
@ -38,48 +38,39 @@ if ! docker ps -a | grep registry-localhost &>/dev/null; then
    docker run -d \
        --name registry-localhost \
        --net "k3d-$cluster_name" \
-        --ip 172.18.1.1 \
        --volume local_registry:/var/lib/registry \
        --restart always \
        -p 5000:5000 \
        registry:2
 fi

-# local postgres database
-if ! docker ps -a | grep postgres-localhost &>/dev/null; then
-    docker volume create local_postgres
-    docker run -d \
-        --name postgres-localhost \
-        --net "k3d-$cluster_name" \
-        --ip 172.18.1.2 \
-        --volume local_postgres:/var/lib/postgresql/data \
-        --volume "$PWD/.postgres/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql:ro" \
-        --restart always \
-        --env POSTGRES_PASSWORD=changeme \
-        -p 5432:5432 \
-        postgres:9.6
-    sleep 10
-fi
-
 # local nfs server
-if ! docker ps -a | grep nfs-localhost &>/dev/null; then
-    docker volume create local_nfs
-    docker run -d \
-        --name nfs-localhost \
-        --net "k3d-$cluster_name" \
-        --ip 172.18.1.3 \
-        --volume nfs_local:/data \
-        --volume /lib/modules:/lib/modules:ro \
-        --restart always \
-        --cap-add SYS_ADMIN \
-        --cap-add SYS_MODULE \
-        --env NFS_EXPORT_0='/data *(rw,async,insecure,no_subtree_check,no_root_squash,fsid=0)' \
-        --env NFS_DISABLE_VERSION_3=YES \
-        --env NFS_LOG_LEVEL=DEBUG \
-        -p 2049:2049 \
-        erichough/nfs-server:2.2.1
-    sleep 10
-fi
+# if ! docker ps -a | grep nfs-localhost &>/dev/null; then
+#     docker volume create local_nfs
+#     docker run -d \
+#         --name nfs-localhost \
+#         --net "k3d-$cluster_name" \
+#         --ip 172.31.0.10 \
+#         --volume "$PWD/.nfs/nextcould:/data/nextcloud" \
+#         --volume /lib/modules:/lib/modules:ro \
+#         --restart always \
+#         --cap-add SYS_ADMIN \
+#         --cap-add SYS_MODULE \
+#         --env NFS_EXPORT_0='/data *(rw,sync,insecure,no_subtree_check,no_root_squash,fsid=0)' \
+#         --env NFS_LOG_LEVEL=DEBUG \
+#         -p 2049:2049 \
+#         erichough/nfs-server:2.2.1
+#     sleep 10
+# fi
+# sudo modprobe netfs
+# sudo modprobe fscache
+# sudo modprobe sunrpc
+# sudo modprobe grace
+# sudo modprobe lockd
+# sudo modprobe nfs
+# sudo modprobe nfs_acl
+# sudo modprobe auth_rpcgss
+# sudo modprobe nfsd

 # k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null
 # kubectl apply -f "$auto_deploy_manifest"