Merge branch 'nextcloud-system-config' into 'master'

Add nextcloud config job See merge request openappstack/nextcloud!7

Merge branch 'nextcloud-system-config' into 'master'
Add nextcloud config job See merge request openappstack/nextcloud!7
81ff20e3 · Arie Peterson · 5c9fb2ee · 989765b9 · 81ff20e3 · 81ff20e3
Commit 81ff20e3 authored 5 years ago by Arie Peterson
--- a/nextcloud-onlyoffice/Chart.yaml
+++ b/nextcloud-onlyoffice/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 description: |
  A helm chart for installing NextCloud and setting up ONLYOFFICE integration
 name: nextcloud-onlyoffice
-version: 0.1.2
+version: 0.1.3
--- a/nextcloud-onlyoffice/templates/_nextcloud-specs.tpl
+++ b/nextcloud-onlyoffice/templates/_nextcloud-specs.tpl
+{{/* Change the user and group to www-data as required by occ */}}
+{{- define "nextcloud-onlyoffice.securityContext" }}
+fsGroup: 33
+runAsUser: 33
+runAsGroup: 33
+{{- end}}
+{{/* Add volume mounts that are also used by the nextcloud container */}}
+{{/* and the configMap that contains job specific content */}}
+{{- define "nextcloud-onlyoffice.volumeMounts" }}
+- name: nextcloud-data
+  mountPath: /var/www/html/
+  subPath: root
+- name: nextcloud-data
+  mountPath: /var/www/html/data
+  subPath: data
+- name: nextcloud-data
+  mountPath: /var/www/html/config
+  subPath: config
+- name: nextcloud-data
+  mountPath: /var/www/html/custom_apps
+  subPath: custom_apps
+- name: nextcloud-data
+  mountPath: /var/www/html/themes
+  subPath: themes
+- name: onlyoffice-config
+  mountPath: /var/local
+{{- end }}
+{{/* Set environment variables that are needed for the nextcloud setup */}}
+{{- define "nextcloud-onlyoffice.env" }}
+{{- if .Values.nextcloud.internalDatabase.enabled }}
+- name: SQLITE_DATABASE
+  value: {{ .Values.nextcloud.internalDatabase.name | quote }}
+{{- else if .Values.nextcloud.mariadb.enabled }}
+- name: MYSQL_HOST
+  value: {{ template "nextcloud.mariadb.fullname" . }}
+- name: MYSQL_DATABASE
+  value: {{ .Values.nextcloud.mariadb.db.name | quote }}
+- name: MYSQL_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "db" }}
+      key: db-username
+- name: MYSQL_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "db" }}
+      key: db-password
+{{- else }}
+- name: MYSQL_HOST
+  value: {{ .Values.nextcloud.externalDatabase.host | quote }}
+- name: MYSQL_DATABASE
+  value: {{ .Values.nextcloud.externalDatabase.database | quote }}
+- name: MYSQL_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "db" }}
+      key: db-username
+- name: MYSQL_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "db" }}
+      key: db-password
+{{- end }}
+- name: NEXTCLOUD_ADMIN_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
+      key: nextcloud-username
+- name: NEXTCLOUD_ADMIN_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
+      key: nextcloud-password
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+  value: {{ .Values.nextcloud.nextcloud.host }}
+{{- end }}
+{{/* Add volumes that correspond to the volume mounts used in this tpl */}}
+{{- define "nextcloud-onlyoffice.volumes" }}
+- name: nextcloud-data
+{{- if .Values.nextcloud.persistence.enabled }}
+  persistentVolumeClaim:
+    claimName: {{ if .Values.nextcloud.persistence.existingClaim }}{{ .Values.nextcloud.persistence.existingClaim }}{{- else }}{{ printf "%s-%s" .Release.Name "nextcloud-nextcloud" }}{{- end }}
+{{- else }}
+  emptyDir: {}
+{{- end }}
+- name: onlyoffice-config
+  configMap:
+    name: {{ .Release.Name }}-onlyoffice-config
+{{- end}}
--- a/nextcloud-onlyoffice/templates/job-configure-nextcloud.yaml
+++ b/nextcloud-onlyoffice/templates/job-configure-nextcloud.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: "{{ .Release.Name }}-configure-nextcloud"
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      name: "{{.Release.Name}}-configure-nextcloud"
+      labels:
+        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+        app.kubernetes.io/instance: {{.Release.Name | quote }}
+        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    spec:
+      restartPolicy: Never
+      securityContext: {{- include "nextcloud-onlyoffice.securityContext" . | indent 8 }}
+      containers:
+      - name: {{ .Release.Name }}-configure-nextcloud-job
+        image: {{ .Values.nextcloud.image.repository }}:{{ .Values.nextcloud.image.tag }}
+        command:
+          - "/usr/local/bin/php"
+          - "/var/www/html/occ"
+          - "config:import"
+          - "/var/local/config.json"
+        volumeMounts: {{- include "nextcloud-onlyoffice.volumeMounts" . | indent 8 }}
+        env: {{- include "nextcloud-onlyoffice.env" . | indent 8 }}
+      volumes: {{- include "nextcloud-onlyoffice.volumes" . | indent 6 }}
--- a/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml
+++ b/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml
@@ -22,91 +22,13 @@ spec:
        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    spec:
      restartPolicy: Never
-      securityContext:
-        fsGroup: 33
-        runAsUser: 33
-        runAsGroup: 33
+      securityContext: {{- include "nextcloud-onlyoffice.securityContext" . | indent 8 }}
      containers:
      - name: {{ .Release.Name }}-register-onlyoffice-job
        image: {{ .Values.nextcloud.image.repository }}:{{ .Values.nextcloud.image.tag }}
        command:
          - "/bin/bash"
          - "/var/local/onlyoffice-setup.sh"
-        volumeMounts:
-        - name: nextcloud-data
-          mountPath: /var/www/html/
-          subPath: root
-        - name: nextcloud-data
-          mountPath: /var/www/html/data
-          subPath: data
-        - name: nextcloud-data
-          mountPath: /var/www/html/config
-          subPath: config
-        - name: nextcloud-data
-          mountPath: /var/www/html/custom_apps
-          subPath: custom_apps
-        - name: nextcloud-data
-          mountPath: /var/www/html/themes
-          subPath: themes
-        - name: onlyoffice-config
-          mountPath: /var/local
-        env:
-        {{- if .Values.nextcloud.internalDatabase.enabled }}
-        - name: SQLITE_DATABASE
-          value: {{ .Values.nextcloud.internalDatabase.name | quote }}
-        {{- else if .Values.nextcloud.mariadb.enabled }}
-        - name: MYSQL_HOST
-          value: {{ template "nextcloud.mariadb.fullname" . }}
-        - name: MYSQL_DATABASE
-          value: {{ .Values.nextcloud.mariadb.db.name | quote }}
-        - name: MYSQL_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "db" }}
-              key: db-username
-        - name: MYSQL_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "db" }}
-              key: db-password
-        {{- else }}
-        - name: MYSQL_HOST
-          value: {{ .Values.nextcloud.externalDatabase.host | quote }}
-        - name: MYSQL_DATABASE
-          value: {{ .Values.nextcloud.externalDatabase.database | quote }}
-        - name: MYSQL_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "db" }}
-              key: db-username
-        - name: MYSQL_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "db" }}
-              key: db-password
-        {{- end }}
-        - name: NEXTCLOUD_ADMIN_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
-              key: nextcloud-username
-        - name: NEXTCLOUD_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
-              key: nextcloud-password
-        - name: NEXTCLOUD_TRUSTED_DOMAINS
-          value: {{ .Values.nextcloud.nextcloud.host }}
-      volumes:
-      - name: nextcloud-data
-      {{- if .Values.nextcloud.persistence.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.nextcloud.persistence.existingClaim }}{{ .Values.nextcloud.persistence.existingClaim }}{{- else }}{{ printf "%s-%s" .Release.Name "nextcloud-nextcloud" }}{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: onlyoffice-config
-        configMap:
-          name: {{ .Release.Name }}-onlyoffice-config
-
-
+        volumeMounts: {{- include "nextcloud-onlyoffice.volumeMounts" . | indent 8 }}
+        env: {{- include "nextcloud-onlyoffice.env" . | indent 8 }}
+      volumes: {{- include "nextcloud-onlyoffice.volumes" . | indent 6 }}
--- a/nextcloud-onlyoffice/templates/onlyoffice-config.yaml
+++ b/nextcloud-onlyoffice/templates/onlyoffice-config.yaml
@@ -41,3 +41,25 @@ data:

    # Config settings from the configmap above
    php occ config:import /var/local/onlyoffice-config.json
+  #
+  # All values in config.json are applied by the nextcloud occ command
+  #   config:import.
+  # system.trusted_proxies contains a list of proxies that are considered
+  #   to be trusted. 10.43.0.0/16 contains all ip addresses that are
+  #   assigned to kubernetes services which includes the ip address of
+  #   the ingress service that functions as a proxy.
+  # apps.core.backgroundjobs_mode set to cron disables the unreliable ajax
+  #   scheduling that is enabled by default. Ajax scheduling is not needed
+  #   because cronjobs are regularly executed by a kubernetes resource.
+  #
+  config.json: |
+    {
+        "system":{
+            "trusted_proxies": "10.43.0.0/16"
+        },
+        "apps":{
+            "core":{
+                "backgroundjobs_mode": "cron"
+            }
+        }
+    }