---
# Values for the Nextcloud part of this deployment: database, cache, storage,
# probes and extra volumes. Presumably passed to a `nextcloud` subchart;
# confirm against this chart's dependencies.
nextcloud:
  # Debug switch, off by default. What it toggles is defined by the chart
  # templates, which are not visible here; leave it off in production.
  debug: false
  # Disable use of internal database
  internalDatabase:
    enabled: false
  # Do not copy default "skeleton" (demo files) for new users.
  skeleton: false

  # Enable and configure MariaDB chart
  mariadb:
    enabled: true
    # Needed to fix https://open.greenhost.net/stackspin/nextcloud/issues/28#note_7070
    volumePermissions:
      image:
        pullSecrets: []
    # initdbScriptsConfigMap: "nextcloud-mariadb-initdbscripts"
    # SQL handed to the MariaDB chart as an init script. It creates the
    # OnlyOffice database and its user from the `global.onlyofficeDb` values.
    # NOTE(review): user, database name and password are substituted into the
    # SQL as raw text. A password containing a single quote or backslash, or a
    # name that needs quoting, breaks or changes these statements; restrict
    # those values to characters that are safe here, or escape them in the
    # template.
    # CREATE USER gives no host part, which MariaDB treats as '%' (any host),
    # matching the GRANT below. GRANT ALL is limited to the database named by
    # `global.onlyofficeDb.name`.
    # NOTE(review): if the chart renders initdbScripts into a ConfigMap (the
    # commented-out `initdbScriptsConfigMap` option suggests it does; confirm),
    # the password is readable by anyone who can read that ConfigMap.
    initdbScripts:
      setup.sql: |
        CREATE USER {{ .Values.global.onlyofficeDb.user }} IDENTIFIED BY '{{ .Values.global.onlyofficeDb.password }}';
        CREATE DATABASE {{ .Values.global.onlyofficeDb.name }};
        GRANT ALL PRIVILEGES ON {{ .Values.global.onlyofficeDb.name }}.* TO '{{ .Values.global.onlyofficeDb.user }}'@'%';

  # Enable Redis as a single standalone instance.
  # NOTE(review): no Redis authentication settings are visible in this file;
  # confirm what the chart defaults to.
  redis:
    enabled: true
    architecture: standalone

  # Use 2 GB of storage for NC storage (maybe make configurable later?)
  persistence:
    enabled: true
    size: 2Gi

  # Startup probe with a failure threshold of 60; the probe period is not set
  # here, so the total startup allowance depends on the chart default.
  startupProbe:
    enabled: true
    failureThreshold: 60

  nextcloud:
    # Mount the ConfigMap `nextcloud-onlyoffice-config-and-scripts` at
    # /var/local in the Nextcloud container.
    # NOTE(review): the name suggests it carries scripts. If they are executed
    # in the pod, write access to this ConfigMap amounts to code execution
    # there, so restrict who can edit it. ConfigMaps are not meant for secrets.
    extraVolumes:
      - name: nextcloud-onlyoffice-config
        configMap:
          name: nextcloud-onlyoffice-config-and-scripts
    extraVolumeMounts:
      - name: nextcloud-onlyoffice-config
        mountPath: /var/local

# Nextcloud apps handled by this chart. Each entry names a GitHub repository,
# a release version and the file name of the release archive.
# NOTE(review): the archive is identified by version tag and file name only;
# no checksum or signature is given here. Confirm that the job which installs
# the app verifies the integrity of the downloaded archive.
apps:
  default:
  - name: onlyoffice
    # Line order is important here for renovatebot! first github_repository,
    # then version
    enabled: true
    github_repository: ONLYOFFICE/onlyoffice-nextcloud
    version: v9.3.0
    release_filename: onlyoffice.tar.gz

# Settings for the setup-apps job.
setupApps:
  # How many times the setup-apps job can try and fail before it is marked as
  # definitely failed.
  # Presumably mapped to the Kubernetes Job `backoffLimit` field; confirm in
  # the job template.
  backoffLimit: 6

# Necessary so the chart gets installed (because the requirements.yaml has a
# condition: `condition: mariadb.enabled`). Follow
# https://github.com/helm/helm/issues/5135 for more info.
# Only the `enabled` flag is set here; the MariaDB settings themselves are
# under `nextcloud.mariadb`.
mariadb:
  enabled: true

# Global values. `onlyofficeDb` holds the connection settings for the
# OnlyOffice database; the same values are read by the MariaDB init script in
# `nextcloud.mariadb.initdbScripts`.
global:
  onlyofficeDb:
    # `host` defaults to "{{ .Release.Name }}-mariadb"
    name: onlyoffice
    port: 3306
    user: onlyoffice
    # No default password is set. Supply one at deploy time from a secret
    # store; do not commit it. The init script places it inside a
    # single-quoted SQL string, so avoid quote and backslash characters.
    # password: password


# Values for the OnlyOffice document server deployment.
onlyoffice:
  # Default values for onlyoffice.

  replicaCount: 1

  # No default is set. Supply a long random value per deployment at deploy
  # time and keep it out of version control.
  # Presumably the shared secret that authenticates requests between
  # Nextcloud and the document server; confirm in the chart templates.
  # jwtSecret: secret

  # Enable font generation during startup.
  # This takes a long time and is not needed if you don't provide custom
  # fonts.
  # Sets the `GENERATE_FONTS` env var, see
  # https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters
  generateFonts: false

  # Allow changing unauthorizedStorage and httpsHstsEnabled
  # Useful if you want to make Nextcloud and Onlyoffice work without proper
  # certificates, i.e. when testing or in CI
  # see https://open.greenhost.net/stackspin/nextcloud/-/issues/964
  # Default is to *not* allow unauthorizedStorage and to enforce HSTS
  # Keep these defaults in production: changing them trades certificate
  # checking and HSTS for convenience and belongs in test or CI setups only.
  unauthorizedStorage: false
  httpsHstsEnabled: true

  # Port of onlyoffice server inside docker container.
  containerPort: 8000

  # URL to the server running onlyoffice, replace this with your own domain!
  server_name: onlyoffice.domain

  image:
    # https://hub.docker.com/r/onlyoffice/documentserver/tags
    # The image is referenced by tag, and `pullPolicy: Always` re-pulls it on
    # every pod start, so a re-pushed tag would be picked up without any
    # change to this file.
    # NOTE(review): consider pinning by digest if the chart's image template
    # supports it; confirm.
    repository: onlyoffice/documentserver
    tag: 7.2.2.56
    pullPolicy: Always

  # Presumably the Deployment update strategy; confirm in the template.
  strategy: Recreate

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    # ONLYOFFICE Data (/var/lib/onlyoffice)
    enabled: false
    annotations: {}
    ## ONLYOFFICE data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"

    ## A manually managed Persistent Volume and Claim
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # existingClaim:

    accessMode: ReadWriteOnce
    size: 2Gi


  nameOverride: ''
  fullnameOverride: ''

  # ClusterIP: the service is reachable only from inside the cluster unless
  # the ingress below is enabled.
  service:
    type: ClusterIP
    port: 9980

  # Ingress is off by default and `hosts`, `paths` and `tls` are empty.
  # When enabling it, fill in `tls` as well: `httpsHstsEnabled` above defaults
  # to true, which assumes the server is served over HTTPS.
  ingress:
    enabled: false
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 20M
    paths: []
    hosts: []
    tls: []

  # No CPU or memory requests or limits are set by default; the commented
  # lines below show the shape to use.
  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi

  # Custom labels to add to the onlyoffice documentserver deployment.
  deploymentLabels: {}
  # Custom labels to add to the onlyoffice documentserver pod.
  podLabels: {}
  # Custom annotations to add to the onlyoffice documentserver pod.
  podAnnotations: {}

  nodeSelector: {}

  tolerations: []

  # Empty by default, so the pod runs with whatever the image and the cluster
  # defaults provide.
  # NOTE(review): whether the document server image can run with a restricted
  # security context (non-root, no privilege escalation) is not visible here;
  # confirm before tightening.
  securityContext: {}

  affinity: {}

  # Probe timings. The fields use the Kubernetes probe field names; the probe
  # endpoints themselves are defined in the chart templates.
  livenessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  readinessProbe:
    enabled: true
    initialDelaySeconds: 0
    timeoutSeconds: 2
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 2

  # With a 5 second period and 120 allowed failures, startup may take up to
  # about 10 minutes before the probe gives up.
  startupProbe:
    enabled: true
    timeoutSeconds: 2
    periodSeconds: 5
    successThreshold: 1
    failureThreshold: 120

# RabbitMQ credentials. Nothing is set by default: `auth` is an empty mapping
# and the two keys below are commented-out placeholders.
# Supply `password` and `erlangCookie` at deploy time from a secret store and
# do not reuse the placeholder values shown.
rabbitmq:
  auth: {}
    # password: password
    # erlangCookie: stub

# OpenID Connect settings for Nextcloud login. The URLs are examples under
# `stackspin.example.net`; replace them with your provider's HTTPS endpoints.
oidc:
  providerUrl: https://sso.stackspin.example.net
  clientId: nextcloud
  # No default client secret is set. Supply it at deploy time from a secret
  # store and keep it out of version control.
  # clientSecret: YouReallyNeedToChangeThis
  logoutUrl: https://sso.stackspin.example.net/oauth2/sessions/logout
  loginButtonText: Log in with OIDC

# SCIM settings, empty by default. `token` is a credential: supply it at
# deploy time and do not commit it.
scim: {}
  # url: ...
  # token: ...

# Settings for the chart's tests, which run in the Cypress image below.
tests:
  image:
    # https://hub.docker.com/r/cypress/included/tags
    repository: cypress/included
    tag: 13.13.3
    pullPolicy: IfNotPresent
  ssoLogin:
    # Set this to "true" to use the OIDC plugin to log in in the tests
    # Otherwise, username "admin" and nextcloud.nextcloud.password are used
    enabled: false
    username: admin
    # # Uncomment and set to the password of the SSO user
    # Use a dedicated test account and supply the password at deploy time
    # rather than committing it.
    # password: SET_PASSWORD_HERE
  cypress:
    # Set project ID and record key if cypress screenshots and videos should be uploaded
    # to the cypress dashboard
    # The record key is a credential. Recordings may also show whatever the
    # test session displayed, including the login flow.
    projectId: ""
    recordKey: ""
    # Optionally provide git details from selfhosted Gitlab CI
    # commitInfo:
    #   branch:
    #   message:
    #   author:
    #   sha:
  # We verify in a helm test that no apps are disabled except ones from this list.
  # The list is written as mapping keys with empty values; presumably only the
  # key names are read.
  # Several entries are security-related apps (audit log, brute-force
  # settings, suspicious-login detection, TOTP two-factor, encryption). The
  # test tolerates them being disabled, so if a deployment relies on one of
  # them, check separately that it is enabled.
  disabledApps:
    allowedDisabled:
      admin_audit:
      bruteforcesettings:
      encryption:
      files_external:
      suspicious_login:
      twofactor_totp:
      user_ldap: