diff --git a/nextcloud-onlyoffice/Chart.yaml b/nextcloud-onlyoffice/Chart.yaml
index 983b4862a90af29a3d7fbdd7a7b30c67c39e7c3e..a2517259d5952b4f0dbeca88452b82e6514f58da 100644
--- a/nextcloud-onlyoffice/Chart.yaml
+++ b/nextcloud-onlyoffice/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 description: |
 A helm chart for installing NextCloud and setting up ONLYOFFICE integration
 name: nextcloud-onlyoffice
-version: 0.1.2
+version: 0.1.3
diff --git a/nextcloud-onlyoffice/templates/_nextcloud-specs.tpl b/nextcloud-onlyoffice/templates/_nextcloud-specs.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..f77fb433da6b582f045e0f9a17dbc8695abb138a
--- /dev/null
+++ b/nextcloud-onlyoffice/templates/_nextcloud-specs.tpl
@@ -0,0 +1,89 @@
+{{/* Change the user and group to www-data as required by occ */}}
+{{- define "nextcloud-onlyoffice.securityContext" }}
+fsGroup: 33
+runAsUser: 33
+runAsGroup: 33
+{{- end}}
+{{/* Add volume mounts that are also used by the nextcloud container */}}
+{{/* and the configMap that contains job specific content */}}
+{{- define "nextcloud-onlyoffice.volumeMounts" }}
+- name: nextcloud-data
+ mountPath: /var/www/html/
+ subPath: root
+- name: nextcloud-data
+ mountPath: /var/www/html/data
+ subPath: data
+- name: nextcloud-data
+ mountPath: /var/www/html/config
+ subPath: config
+- name: nextcloud-data
+ mountPath: /var/www/html/custom_apps
+ subPath: custom_apps
+- name: nextcloud-data
+ mountPath: /var/www/html/themes
+ subPath: themes
+- name: onlyoffice-config
+ mountPath: /var/local
+{{- end }}
+{{/* Set environment variables that are needed for the nextcloud setup */}}
+{{- define "nextcloud-onlyoffice.env" }}
+{{- if .Values.nextcloud.internalDatabase.enabled }}
+- name: SQLITE_DATABASE
+ value: {{ .Values.nextcloud.internalDatabase.name | quote }}
+{{- else if .Values.nextcloud.mariadb.enabled }}
+- name: MYSQL_HOST
+ value: {{ template "nextcloud.mariadb.fullname" . }}
+- name: MYSQL_DATABASE
+ value: {{ .Values.nextcloud.mariadb.db.name | quote }}
+- name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "db" }}
+ key: db-username
+- name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "db" }}
+ key: db-password
+{{- else }}
+- name: MYSQL_HOST
+ value: {{ .Values.nextcloud.externalDatabase.host | quote }}
+- name: MYSQL_DATABASE
+ value: {{ .Values.nextcloud.externalDatabase.database | quote }}
+- name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "db" }}
+ key: db-username
+- name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "db" }}
+ key: db-password
+{{- end }}
+- name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
+ key: nextcloud-username
+- name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
+ key: nextcloud-password
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: {{ .Values.nextcloud.nextcloud.host }}
+{{- end }}
+{{/* Add volumes that correspond to the volume mounts used in this tpl */}}
+{{- define "nextcloud-onlyoffice.volumes" }}
+- name: nextcloud-data
+{{- if .Values.nextcloud.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.nextcloud.persistence.existingClaim }}{{ .Values.nextcloud.persistence.existingClaim }}{{- else }}{{ printf "%s-%s" .Release.Name "nextcloud-nextcloud" }}{{- end }}
+{{- else }}
+ emptyDir: {}
+{{- end }}
+- name: onlyoffice-config
+ configMap:
+ name: {{ .Release.Name }}-onlyoffice-config
+{{- end}}
diff --git a/nextcloud-onlyoffice/templates/job-configure-nextcloud.yaml b/nextcloud-onlyoffice/templates/job-configure-nextcloud.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c8856f1a2a5adb23d347641b77ae08c267603522
--- /dev/null
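Review bot: In `_nextcloud-specs.tpl`, the `nextcloud-onlyoffice.env` helper renders `NEXTCLOUD_TRUSTED_DOMAINS` without quoting, unlike the neighbouring database values, so an empty or YAML-special host value would render as null or break the manifest; `value: {{ .Values.nextcloud.nextcloud.host | quote }}` keeps it a string. The `MYSQL_HOST` line built with `template` has the same gap and would need `include` in order to be piped through `quote`. Separately, the `nextcloud-onlyoffice.securityContext` helper pins UID/GID 33 but does not assert it; adding `runAsNonRoot: true` there makes the pod fail to start if the user is ever overridden to root. Both blocks are carried over unchanged from the old job spec, so fixing them in the helper covers every job that includes it.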
+++ b/nextcloud-onlyoffice/templates/job-configure-nextcloud.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Release.Name }}-configure-nextcloud"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ name: "{{.Release.Name}}-configure-nextcloud"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{.Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ restartPolicy: Never
+ securityContext: {{- include "nextcloud-onlyoffice.securityContext" . | indent 8 }}
+ containers:
+ - name: {{ .Release.Name }}-configure-nextcloud-job
+ image: {{ .Values.nextcloud.image.repository }}:{{ .Values.nextcloud.image.tag }}
+ command:
+ - "/usr/local/bin/php"
+ - "/var/www/html/occ"
+ - "config:import"
+ - "/var/local/config.json"
+ volumeMounts: {{- include "nextcloud-onlyoffice.volumeMounts" . | indent 8 }}
+ env: {{- include "nextcloud-onlyoffice.env" . | indent 8 }}
+ volumes: {{- include "nextcloud-onlyoffice.volumes" . | indent 6 }}
diff --git a/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml b/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml
index ce0372503a62e61639df807fbb35c9140655a4dc..0f51b16a4b340cef647a2c1ece8aae0e5d2dcd44 100644
--- a/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml
+++ b/nextcloud-onlyoffice/templates/job-register-onlyoffice.yaml
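Review bot: In `job-configure-nextcloud.yaml`, the container pulls in the full `nextcloud-onlyoffice.env` helper, which hands this job the database and Nextcloud admin credentials, although its command only runs `occ config:import /var/local/config.json`. If occ takes its database settings from the mounted `config` directory (likely, but not verifiable from this diff), the `env:` include can be dropped or replaced by a narrower helper so the secrets are not exposed to a job that does not use them. The hook annotations also leave a failed Job in place: with only `hook-succeeded`, a failed run is not cleaned up and may collide by name on the next upgrade, so consider `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded`. A container-level `securityContext` with `allowPrivilegeEscalation: false` would complement the pod-level settings.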
@@ -22,91 +22,13 @@ spec:
 helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
 spec:
 restartPolicy: Never
- securityContext:
- fsGroup: 33
- runAsUser: 33
- runAsGroup: 33
+ securityContext: {{- include "nextcloud-onlyoffice.securityContext" . | indent 8 }}
 containers:
 - name: {{ .Release.Name }}-register-onlyoffice-job
 image: {{ .Values.nextcloud.image.repository }}:{{ .Values.nextcloud.image.tag }}
 command:
 - "/bin/bash"
 - "/var/local/onlyoffice-setup.sh"
- volumeMounts:
- - name: nextcloud-data
- mountPath: /var/www/html/
- subPath: root
- - name: nextcloud-data
- mountPath: /var/www/html/data
- subPath: data
- - name: nextcloud-data
- mountPath: /var/www/html/config
- subPath: config
- - name: nextcloud-data
- mountPath: /var/www/html/custom_apps
- subPath: custom_apps
- - name: nextcloud-data
- mountPath: /var/www/html/themes
- subPath: themes
- - name: onlyoffice-config
- mountPath: /var/local
- env:
- {{- if .Values.nextcloud.internalDatabase.enabled }}
- - name: SQLITE_DATABASE
- value: {{ .Values.nextcloud.internalDatabase.name | quote }}
- {{- else if .Values.nextcloud.mariadb.enabled }}
- - name: MYSQL_HOST
- value: {{ template "nextcloud.mariadb.fullname" . }}
- - name: MYSQL_DATABASE
- value: {{ .Values.nextcloud.mariadb.db.name | quote }}
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "db" }}
- key: db-username
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "db" }}
- key: db-password
- {{- else }}
- - name: MYSQL_HOST
- value: {{ .Values.nextcloud.externalDatabase.host | quote }}
- - name: MYSQL_DATABASE
- value: {{ .Values.nextcloud.externalDatabase.database | quote }}
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "db" }}
- key: db-username
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "db" }}
- key: db-password
- {{- end }}
- - name: NEXTCLOUD_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
- key: nextcloud-username
- - name: NEXTCLOUD_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ printf "%s-%s" .Release.Name "nextcloud" }}
- key: nextcloud-password
- - name: NEXTCLOUD_TRUSTED_DOMAINS
- value: {{ .Values.nextcloud.nextcloud.host }}
- volumes:
- - name: nextcloud-data
- {{- if .Values.nextcloud.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ if .Values.nextcloud.persistence.existingClaim }}{{ .Values.nextcloud.persistence.existingClaim }}{{- else }}{{ printf "%s-%s" .Release.Name "nextcloud-nextcloud" }}{{- end }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: onlyoffice-config
- configMap:
- name: {{ .Release.Name }}-onlyoffice-config
-
-
+ volumeMounts: {{- include "nextcloud-onlyoffice.volumeMounts" . | indent 8 }}
+ env: {{- include "nextcloud-onlyoffice.env" . | indent 8 }}
+ volumes: {{- include "nextcloud-onlyoffice.volumes" . | indent 6 }}
diff --git a/nextcloud-onlyoffice/templates/onlyoffice-config.yaml b/nextcloud-onlyoffice/templates/onlyoffice-config.yaml
index 9440f9982a8a66d056791b014d9b59eeffcc4450..47fb696c890fc56235a4c4a79ecc3ead5da476cc 100644
--- a/nextcloud-onlyoffice/templates/onlyoffice-config.yaml
+++ b/nextcloud-onlyoffice/templates/onlyoffice-config.yaml
@@ -41,3 +41,25 @@ data:
 # Config settings from the configmap above
 php occ config:import /var/local/onlyoffice-config.json
+ #
+ # All values in config.json are applied by the nextcloud occ command
+ # config:import.
+ # system.trusted_proxies contains a list of proxies that are considered
+ # to be trusted. 10.43.0.0/16 contains all ip addresses that are
+ # assigned to kubernetes services which includes the ip address of
+ # the ingress service that functions as a proxy.
+ # apps.core.backgroundjobs_mode set to cron disables the unreliable ajax
+ # scheduling that is enabled by default. Ajax scheduling is not needed
+ # because cronjobs are regularly executed by a kubernetes resource.
+ #
+ config.json: |
+ {
+ "system":{
+ "trusted_proxies": "10.43.0.0/16"
+ },
+ "apps":{
+ "core":{
+ "backgroundjobs_mode": "cron"
+ }
+ }
+ }
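Review bot: In the added `config.json`, `system.trusted_proxies` is a JSON string, while Nextcloud documents this setting as an array (and the comment above it calls it a list), so the imported value may be ignored; `"trusted_proxies": ["10.43.0.0/16"]` matches the documented shape. The range itself deserves a second look: it is hard-coded to one cluster's service CIDR, and every address inside a trusted range is allowed to set the forwarded client IP that Nextcloud then uses for logging and brute-force throttling. Reading the value from `.Values` and narrowing it to the addresses the ingress controller actually connects from (possibly pod IPs rather than service IPs, worth confirming on the target cluster) would limit that. The `data:` mapping and the setup script this hunk appends to start outside the hunk.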