From c91adf2c206647f2fa169063b4b53fc95e6e5c00 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Mon, 10 Jun 2024 00:23:43 +0200 Subject: [PATCH 1/3] feat(nextcloud): add notify_push support Signed-off-by: WrenIX --- .github/workflows/lint-test.yaml | 4 + charts/nextcloud/CHANGELOG.md | 3 + charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/README.md | 33 +++++ charts/nextcloud/files/notify_push.sh.tpl | 8 ++ charts/nextcloud/templates/_helpers.tpl | 121 +++++++++++------- charts/nextcloud/templates/db-secret.yaml | 18 ++- charts/nextcloud/templates/deployment.yaml | 36 +++--- charts/nextcloud/templates/ingress.yaml | 9 ++ .../nextcloud/templates/metrics/service.yaml | 21 +-- .../templates/metrics/servicemonitor.yaml | 34 ----- .../templates/notify_push/configmap.yaml | 15 +++ .../templates/notify_push/deployment.yaml | 65 ++++++++++ .../templates/notify_push/service.yaml | 35 +++++ .../{metrics => }/prometheus-rules.yaml | 8 +- charts/nextcloud/templates/service.yaml | 4 +- .../nextcloud/templates/servicemonitor.yaml | 37 ++++++ charts/nextcloud/test-values/notify_push.yaml | 10 ++ charts/nextcloud/values.yaml | 101 +++++++++++++-- 19 files changed, 432 insertions(+), 132 deletions(-) create mode 100644 charts/nextcloud/files/notify_push.sh.tpl delete mode 100644 charts/nextcloud/templates/metrics/servicemonitor.yaml create mode 100644 charts/nextcloud/templates/notify_push/configmap.yaml create mode 100644 charts/nextcloud/templates/notify_push/deployment.yaml create mode 100644 charts/nextcloud/templates/notify_push/service.yaml rename charts/nextcloud/templates/{metrics => }/prometheus-rules.yaml (91%) create mode 100644 charts/nextcloud/templates/servicemonitor.yaml create mode 100644 charts/nextcloud/test-values/notify_push.yaml diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index d47bb7a2..bbb9a0b0 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
@@ -83,6 +83,10 @@ jobs: - name: Horizontal Pod Autoscaling Enabled helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/hpa.yaml"' + # test the helm chart with notify push enabled + - name: Notify Push Enabled + helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/notify_push.yaml"' + # test the helm chart with s3 as the primary storage - name: S3 Enabled as Primary Storage # we need to skip the clean up so we can test adding a file diff --git a/charts/nextcloud/CHANGELOG.md b/charts/nextcloud/CHANGELOG.md index c5daabca..3025cd89 100644 --- a/charts/nextcloud/CHANGELOG.md +++ b/charts/nextcloud/CHANGELOG.md @@ -4,6 +4,9 @@ This Helm-Chart increase there major version on every breaking change (or major Here we list all major versions and their breaking changes for migration. +## v9 +- move `metrics.serviceMonitor` to `prometheus.serviceMonitor`: It us used for nextcloud-exporter and notify-push + ## v8 - `cronjob.command` was renamed to `cronjob.sidecar.command` to avoid confusion with the cronjob command. Please update your `values.yaml` accordingly. diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index e88cf9c3..cc0d6798 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 8.6.1 +version: 9.0.0 # renovate: image=docker.io/library/nextcloud appVersion: 32.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index e8282141..cdabb810 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -32,6 +32,7 @@ helm install my-release nextcloud/nextcloud - [Headers set on NGINX](#headers-set-on-nginx) - [Probes Configurations](#probes-configurations) - [Collabora Configuration](#collabora-configuration) + * [Notify Push](#notify-push) - [Imaginary](#imaginary) - [Cron jobs](#cron-jobs) - [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars) 
@@ -537,6 +538,38 @@ The nextcloud deployment includes a series of different probes you can use to de > [!Note] > If you are getting errors on initialization (such as `Fatal error: require_once(): Failed opening required '/var/www/html/lib/versioncheck.php'`, but you can get other errors as well), a good first step is to try and enable the startupProbe and/or increase the `initialDelaySeconds` for the `livenessProbe` and `readinessProbe` to something much greater (consider using `120` seconds instead of `10`. This is an especially good idea if your cluster is running on older hardware, has a slow internet connection, or you're using a slower storage class, such as NFS that's running with older disks or a slow connection. +### Notify Push + +We include an optional Client Push [nextcloud/notify_push](https://github.com/nextcloud/notify_push). + + +| Parameter | Description | Default | +|----------------------------------------|----------------------------------------------------------------------------------|------------------------| +| `notifyPush.enabled` | Enable another deployment to handle notify_push (sometimes called ClientPush) | `false` | +| `notifyPush.autoSetup` | Setup notify_push on nextcloud per docker-entrypoint-hooks before start | `false` | +| `notifyPush.replicaCount` | Number of notify-push pod replicas to deploy | `1` | +| `notifyPush.image.registry` | notify-push image registry | `docker.io` | +| `notifyPush.image.repository` | notify-push image name | `miles170/notify_push` | +| `notifyPush.image.tag` | notify-push image tag | `v0.7.0` | +| `notifyPush.image.pullPolicy` | notify-push image pull policy | `IfNotPresent` | +| `notifyPush.image.pullSecrets` | notify-push image pull secrets | `[]` | +| `notifyPush.extraEnv` | option additional env (if a external redis is used, you need to set REDIS_URL) | `""` | +| `notifyPush.podAnnotations` | Additional annotations for notify-push pods | `{}` | +| `notifyPush.podLabels` | Additional labels for 
notify-push pods | `{}` | +| `notifyPush.podSecurityContext` | Optional security context for the notify-push pod | `nil` | +| `notifyPush.securityContext` | Optional security context for the notify-push container | `nil` | +| `notifyPush.resources` | notify-push resources | `{}` | +| `notifyPush.service.type` | notify-push: Kubernetes Service type | `ClusterIP` | +| `notifyPush.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `nil` | +| `notifyPush.service.nodePort` | notify-push: NodePort for service type NodePort | `nil` | +| `notifyPush.service.annotations` | Additional annotations for service notify-push | `{}` | +| `notifyPush.service.labels` | Additional labels for service notify-push | `{}` | +| `notifyPush.ingress.path` | Add path in default ingress to notify_push service | `/push` | +| `notifyPush.ingress.pathType` | PathType for additional path in default ingress for notify-push path | `Prefix` | + +> [!Note] +> notify-push needs an redis (`redis.enabled=true` or `notifyPush.extraEnv=[{name:"REDIS_URL",...}]` ) + ### Collabora Configuration This section provides options to enable and configure the Collabora Online server within your deployment. Please ensure to review the [Collabora Online Helm chart documentation](https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online) for additional details and recommended values. diff --git a/charts/nextcloud/files/notify_push.sh.tpl b/charts/nextcloud/files/notify_push.sh.tpl new file mode 100644 index 00000000..1770f1cd --- /dev/null +++ b/charts/nextcloud/files/notify_push.sh.tpl 
@@ -0,0 +1,8 @@ +#!/bin/sh +/var/www/html/occ app:enable notify_push +/var/www/html/occ config:app:set notify_push base_endpoint --value="http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}" +{{/* +The command "setup" runs a check, which need a running nextcloud (but we try to configurate it during startup). +So that command always failure and we stuck in bootloop. +/var/www/html/occ notify_push:setup "http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}" +*/}} diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl index 934226e4..69e7cead 100644 --- a/charts/nextcloud/templates/_helpers.tpl +++ b/charts/nextcloud/templates/_helpers.tpl @@ -64,11 +64,7 @@ Create image name that is used in the deployment {{/* Create environment variables used to configure the nextcloud container as well as the cron sidecar container. */}} -{{- define "nextcloud.env" -}} -{{- if .Values.phpClientHttpsFix.enabled }} -- name: OVERWRITEPROTOCOL - value: {{ .Values.phpClientHttpsFix.protocol | quote }} -{{- end }} +{{- define "nextcloud.env.database" -}} {{- if .Values.internalDatabase.enabled }} - name: SQLITE_DATABASE value: {{ .Values.internalDatabase.name | quote }} @@ -87,6 +83,8 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} +- name: DATABASE_URL + value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)" {{- else if .Values.postgresql.enabled }} - name: POSTGRES_HOST value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} 
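Review bot: The `config:app:set notify_push base_endpoint --value="…"` line renders `.Values.nextcloud.host` and `.Values.notifyPush.ingress.path` directly into a double-quoted shell string, so a `$`, backtick or `"` in either value is interpreted by `sh` when the hook runs inside the Nextcloud container. Building the URL in the template and emitting it as a single-quoted literal keeps it inert, e.g. `--value={{ printf "http%s://%s%s" (ternary "s" "" (not (empty .Values.ingress.tls))) .Values.nextcloud.host .Values.notifyPush.ingress.path | squote }}`; a value containing a single quote would still have to be rejected. The scheme also falls back to `http` whenever `ingress.tls` is empty, even if TLS is terminated in front of the ingress, so a comment stating that assumption (or a dedicated value for the public scheme) would prevent clients being pointed at an unencrypted push endpoint.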
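Review bot: The added `DATABASE_URL` splices `$(MYSQL_USER)` and `$(MYSQL_PASSWORD)` into a URL verbatim, and Kubernetes `$(VAR)` expansion does no percent-encoding, so a password containing `@`, `:`, `/`, `#` or `%` yields a URL the consumer mis-parses or rejects. The same applies to the other three `DATABASE_URL` entries (hunks at -106, -136 and -165) and to `REDIS_URL` in the -165 hunk. Because `nextcloud.env` now pulls in this helper, the assembled credential URL is also exported to the Nextcloud and cron containers, which do not appear to read it; emitting it only from the notify_push Deployment would keep it out of environments that do not need it. At minimum add a template comment such as `{{/* credentials must be URL-safe: $(VAR) is expanded verbatim */}}` and state the restriction in the README. The helper's body starts and ends outside this hunk.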
@@ -106,7 +104,9 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} -{{- else }} +- name: DATABASE_URL + value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)" +{{- else }}{{/* mariadb.enable or postgresql.enabled -> now external */}} {{- if eq .Values.externalDatabase.type "postgresql" }} - name: POSTGRES_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} @@ -136,7 +136,9 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} - {{- else }} +- name: DATABASE_URL + value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)" + {{- else }}{{/* external.type = postgresql */}} - name: MYSQL_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} valueFrom: 
@@ -165,8 +167,72 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} - {{- end }} +- name: DATABASE_URL + value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)" + {{- end }}{{/* external.type = postgresql */}} +{{- end }}{{/* not mariadb.enable or postgresql.enabled -> just external*/}} +{{- end }} + +{{/* +Redis env vars +*/}} +{{- define "nextcloud.env.redis" -}} +{{- if .Values.redis.enabled }} +- name: REDIS_HOST + value: {{ template "nextcloud.redis.fullname" . }}-master +- name: REDIS_HOST_PORT + value: {{ .Values.redis.master.service.ports.redis | quote }} +{{- if .Values.redis.auth.enabled }} +{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }} +- name: REDIS_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.redis.auth.existingSecret }} + key: {{ .Values.redis.auth.existingSecretPasswordKey }} +{{- else }} +- name: REDIS_HOST_PASSWORD + value: {{ .Values.redis.auth.password }} +{{- end }} +{{- end }} +{{- else if .Values.externalRedis.enabled }} +- name: REDIS_HOST + value: {{ .Values.externalRedis.host | quote }} +- name: REDIS_HOST_PORT + value: {{ .Values.externalRedis.port | quote }} +{{- if .Values.externalRedis.existingSecret.enabled }} +{{- if and .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey }} +- name: REDIS_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret.secretName | quote }} + key: {{ .Values.externalRedis.existingSecret.passwordKey | quote }} +{{- end }} +{{- else if .Values.externalRedis.password }} +- name: REDIS_HOST_PASSWORD + value: {{ .Values.externalRedis.password | quote }} {{- end }} +{{- end }}{{/* end-of redis-enabled*/}} +{{- if or + (and 
.Values.redis.auth.enabled .Values.redis.auth.password) + (and .Values.redis.auth.enabled .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey) + (and .Values.externalRedis.enabled .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey) + (and .Values.externalRedis.enabled .Values.externalRedis.password) +}} +- name: REDIS_URL + value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST):$(REDIS_HOST_PORT)" +{{- else }} +- name: REDIS_URL + value: "redis://$(REDIS_HOST):$(REDIS_HOST_PORT)" +{{- end }}{{/* end-of redis-url*/}} +{{- end }}{{/* end-of env.redis definition */}} + +{{- define "nextcloud.env" -}} +{{- if .Values.phpClientHttpsFix.enabled }} +- name: OVERWRITEPROTOCOL + value: {{ .Values.phpClientHttpsFix.protocol | quote }} +{{- end }} +{{- template "nextcloud.env.database" . }} +{{- template "nextcloud.env.redis" . }} - name: NEXTCLOUD_ADMIN_USER valueFrom: secretKeyRef: 
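Review bot: `REDIS_URL` is emitted by the trailing `if or … else` block even when neither `redis.enabled` nor `externalRedis.enabled` is set, so the containers then receive the literal string `redis://$(REDIS_HOST):$(REDIS_HOST_PORT)`, because unresolved `$(VAR)` references are left as written. The first two `or` branches also ignore `.Values.redis.enabled`, and the external-secret branch ignores `existingSecret.enabled`, so the password form of the URL can be selected when no `REDIS_HOST_PASSWORD` was defined above it. Wrapping the block in `{{- if or .Values.redis.enabled .Values.externalRedis.enabled }}` and mirroring the exact conditions that emit `REDIS_HOST_PASSWORD` would keep the two in step. Separately, `value: {{ .Values.redis.auth.password }}` (moved here unchanged) is the only password in the helper without `| quote`.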
@@ -217,44 +283,6 @@ Create environment variables used to configure the nextcloud container as well a key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey }} {{- end }} {{/* -Redis env vars -*/}} -{{- if .Values.redis.enabled }} -- name: REDIS_HOST - value: {{ template "nextcloud.redis.fullname" . }}-master -- name: REDIS_HOST_PORT - value: {{ .Values.redis.master.service.ports.redis | quote }} -{{- if .Values.redis.auth.enabled }} -{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }} -- name: REDIS_HOST_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.redis.auth.existingSecret }} - key: {{ .Values.redis.auth.existingSecretPasswordKey }} -{{- else }} -- name: REDIS_HOST_PASSWORD - value: {{ .Values.redis.auth.password }} -{{- end }} -{{- end }} -{{- else if .Values.externalRedis.enabled }} -- name: REDIS_HOST - value: {{ .Values.externalRedis.host | quote }} -- name: REDIS_HOST_PORT - value: {{ .Values.externalRedis.port | quote }} -{{- if .Values.externalRedis.existingSecret.enabled }} -{{- if and .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey }} -- name: REDIS_HOST_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.externalRedis.existingSecret.secretName | quote }} - key: {{ .Values.externalRedis.existingSecret.passwordKey | quote }} -{{- end }} -{{- else if .Values.externalRedis.password }} -- name: REDIS_HOST_PASSWORD - value: {{ .Values.externalRedis.password | quote }} -{{- end }} -{{- end }}{{/* end if redis.enabled */}} -{{/* S3 as primary object store env vars */}} {{- if .Values.nextcloud.objectStore.s3.enabled }} @@ -359,7 +387,6 @@ Swift as primary object store env vars {{- end }} {{- end -}} - {{/* Create volume mounts for the nextcloud container as well as the cron sidecar container. */}} diff --git a/charts/nextcloud/templates/db-secret.yaml b/charts/nextcloud/templates/db-secret.yaml index 4697e7dd..9d8aa461 100644 
--- a/charts/nextcloud/templates/db-secret.yaml +++ b/charts/nextcloud/templates/db-secret.yaml @@ -10,14 +10,20 @@ metadata: type: Opaque data: {{- if .Values.mariadb.enabled }} - db-username: {{ .Values.mariadb.auth.username | b64enc | quote }} - db-password: {{ .Values.mariadb.auth.password | b64enc | quote }} + {{- with .Values.mariadb.auth }} + db-username: {{ .username | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- else if .Values.postgresql.enabled }} - db-username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} - db-password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} + {{- with .Values.postgresql.global.postgresql.auth }} + db-username: {{ .username | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- else }} - db-username: {{ .Values.externalDatabase.user | b64enc | quote }} - db-password: {{ .Values.externalDatabase.password | b64enc | quote }} + {{- with .Values.externalDatabase }} + db-username: {{ .user | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 2e03dd60..d6f80805 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -77,6 +77,12 @@ spec: {{- end }} volumeMounts: {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} + {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} + - name: nextcloud-notify-hooks + mountPath: /docker-entrypoint-hooks.d/before-starting/notify_push.sh + subPath: notify_push.sh + readOnly: true + {{- end }} {{- range $hook, $shell := .Values.nextcloud.hooks }} {{- if $shell }} - name: nextcloud-hooks 
@@ -299,20 +305,11 @@ spec: {{- toYaml .securityContext | nindent 12 }} {{- end }} env: - - name: MYSQL_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey }} + {{- include "nextcloud.env.database" . | nindent 12 }} command: - "sh" - "-c" - - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }} + - {{ printf "until mysql --host=${MYSQL_HOST} --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" }} {{- else if .Values.postgresql.enabled }} - name: postgresql-isready image: {{ coalesce .Values.global.image.registry .Values.postgresql.image.registry "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} @@ -323,13 +320,7 @@ spec: {{- toYaml .securityContext | nindent 12 }} {{- end }} env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - - name: POSTGRES_HOST - value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} + {{- include "nextcloud.env.database" . | nindent 12 }} command: - "sh" - "-c" 
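Review bot: The rewritten wait loop passes `${MYSQL_HOST}`, `${MYSQL_USER}` and `${MYSQL_PASSWORD}` to `mysql` unquoted, so a value containing whitespace or a shell metacharacter is split or interpreted by `sh -c`, and the password stays visible in the container's process arguments. Double-quoting each expansion (`--host=\"${MYSQL_HOST}\"` and so on inside the template string) fixes the splitting; passing the password through the client's `MYSQL_PWD` environment variable instead of `--password=` would keep it off the command line, if the image's client honours it. The `printf` wrapper no longer takes arguments and can be dropped. Including the whole `nextcloud.env.database` helper here and in the postgresql init container (hunk at -323) also hands `DATABASE_URL`, and for postgresql the password, to containers that previously received less than that.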
@@ -376,6 +367,15 @@ spec: configMap: name: {{ template "nextcloud.fullname" . }}-nginxconfig {{- end }} + {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} + - name: nextcloud-notify-hooks + configMap: + name: {{ template "nextcloud.fullname" . }}-notify-push + defaultMode: 0o755 + items: + - key: hook.sh + path: notify_push.sh + {{- end }} {{- if not (values .Values.nextcloud.hooks | compact | empty) }} - name: nextcloud-hooks configMap: diff --git a/charts/nextcloud/templates/ingress.yaml b/charts/nextcloud/templates/ingress.yaml index 83768774..0a86e12a 100644 --- a/charts/nextcloud/templates/ingress.yaml +++ b/charts/nextcloud/templates/ingress.yaml @@ -35,6 +35,15 @@ spec: serviceName: {{ template "nextcloud.fullname" . }} servicePort: {{ .Values.service.port }} {{- end }} + {{- if .Values.notifyPush.enabled }} + - path: {{ .Values.notifyPush.ingress.path }} + pathType: {{ .Values.notifyPush.ingress.pathType }} + backend: + service: + name: {{ template "nextcloud.fullname" . }}-notify-push + port: + name: http + {{- end }} {{- with .Values.ingress.tls }} tls: {{- toYaml . | nindent 4 }} diff --git a/charts/nextcloud/templates/metrics/service.yaml b/charts/nextcloud/templates/metrics/service.yaml index 759d081a..d2b8c061 100644 --- a/charts/nextcloud/templates/metrics/service.yaml +++ b/charts/nextcloud/templates/metrics/service.yaml 
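Review bot: The new notify_push path is written only in the `networking.k8s.io/v1` backend form (`service.name` / `port.name`), but it follows the `{{- end }}` that closes a branch still rendering `serviceName` / `servicePort`, so on that legacy branch the rule would be invalid; the surrounding conditionals are outside this hunk, so this is inferred. `path` and `pathType` are rendered unquoted; `path: {{ .Values.notifyPush.ingress.path | quote }}` avoids a value with ` #` or `: ` changing the document structure. Enabling `notifyPush.enabled` also publishes the push endpoint on every host the main ingress serves, which deserves a sentence in the README next to that option.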
@@ -1,29 +1,32 @@ {{- if .Values.metrics.enabled }} +{{- with .Values.metrics.service }} --- apiVersion: v1 kind: Service metadata: - name: {{ template "nextcloud.fullname" . }}-metrics + name: {{ template "nextcloud.fullname" $ }}-metrics labels: {{- include "nextcloud.labels" ( dict "component" "metrics" "rootContext" $ ) | nindent 4 }} - {{- with .Values.metrics.service.labels }} + app.kubernetes.io/monitor: enabled + {{- with .labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.metrics.service.annotations }} + {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - type: {{ .Values.metrics.service.type }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - {{- with .Values.metrics.service.loadBalancerIP }} + type: {{ .type }} + {{- if eq .type "LoadBalancer" }} + {{- with .loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} {{- end }} + selector: + {{- include "nextcloud.selectorLabels" ( dict "component" "metrics" "rootContext" $ ) | nindent 4 }} ports: - name: metrics - port: 9205 + port: 9100 targetPort: metrics - selector: - {{- include "nextcloud.selectorLabels" ( dict "component" "metrics" "rootContext" $ ) | nindent 4 }} +{{- end }} {{- end }} diff --git a/charts/nextcloud/templates/metrics/servicemonitor.yaml b/charts/nextcloud/templates/metrics/servicemonitor.yaml deleted file mode 100644 index 53bcc44c..00000000 --- a/charts/nextcloud/templates/metrics/servicemonitor.yaml +++ /dev/null 
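Review bot: The metrics Service port changes from `9205` to `9100` with no entry in the v9 section of the CHANGELOG, so NetworkPolicies or scrape configurations pinned to the old port stop matching after the upgrade without any error. Please add a line such as `- metrics service port changed from 9205 to 9100` to the v9 notes. The fixed label `app.kubernetes.io/monitor: enabled` is rendered before the user-supplied `.labels`, so a user label with the same key produces a duplicate mapping key; a comment reserving that key would make the constraint visible.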
@@ -1,34 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "nextcloud.fullname" . }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }} - labels: - {{- include "nextcloud.labels" ( dict "component" "metrics" "rootContext" $ ) | nindent 4 }} - {{- with .Values.metrics.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: - {{- include "nextcloud.selectorLabels" ( dict "component" "metrics" "rootContext" $ ) | nindent 6 }} - namespaceSelector: - {{- with .Values.metrics.serviceMonitor.namespaceSelector }} - {{- toYaml . | nindent 4 }} - {{- else }} - matchNames: - - {{ .Release.Namespace | quote }} - {{- end }} - endpoints: - - port: metrics - path: "/" - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} -{{- end }} diff --git a/charts/nextcloud/templates/notify_push/configmap.yaml b/charts/nextcloud/templates/notify_push/configmap.yaml new file mode 100644 index 00000000..bc3b920f --- /dev/null +++ b/charts/nextcloud/templates/notify_push/configmap.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "nextcloud.fullname" . }}-notify-push + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + hook.sh: |- + {{- tpl (.Files.Get "files/notify_push.sh.tpl" ) . | nindent 4 }} +{{- end }} 
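Review bot: The new ConfigMap writes its four labels by hand while the other templates added in this commit use `{{- include "nextcloud.labels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 4 }}`; using the helper keeps its labels in step with the notify_push Deployment and Service. A comment above `hook.sh` saying that the rendered script is mounted into `/docker-entrypoint-hooks.d/before-starting/` of the Nextcloud container, and therefore runs with that container's privileges at every start, would tell readers where this content ends up.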
diff --git a/charts/nextcloud/templates/notify_push/deployment.yaml b/charts/nextcloud/templates/notify_push/deployment.yaml
new file mode 100644
index 00000000..7089777b
--- /dev/null
+++ b/charts/nextcloud/templates/notify_push/deployment.yaml
@@ -0,0 +1,65 @@ +{{- if .Values.notifyPush.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nextcloud.fullname" . }}-notify-push + labels: + {{- include "nextcloud.labels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 4 }} +spec: + replicas: {{ .Values.notifyPush.replicaCount }} + selector: + matchLabels: + {{- include "nextcloud.selectorLabels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 6 }} + template: + metadata: + annotations: + {{- toYaml .Values.notifyPush.podAnnotations | nindent 8 }} + labels: + {{- include "nextcloud.selectorLabels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 8 }} + {{- if .Values.redis.enabled }} + {{ template "nextcloud.redis.fullname" . }}-client: "true" + {{- end }} + {{- with .Values.notifyPush.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.notifyPush.image.pullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: notify-push + {{- with .Values.notifyPush.image }} + image: "{{ .registry }}/{{ .repository }}:{{ .tag }}" + imagePullPolicy: {{ .pullPolicy }} + {{- end }} + env: + - name: PORT + value: "7867" + - name: METRICS_PORT + value: "9867" + {{- include "nextcloud.env.database" . | nindent 12 }} + {{- if .Values.redis.enabled }} + {{- include "nextcloud.env.redis" . | nindent 12 }} + {{- end }} + - name: NEXTCLOUD_URL # deployment.namespace.svc.cluster.local + value: "http{{ if .Values.notifyPush.https }}s{{ end }}://{{ template "nextcloud.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}" + {{- with .Values.notifyPush.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 7867 + - name: metrics + containerPort: 9867 + {{- with .Values.notifyPush.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true +{{- end }} diff --git a/charts/nextcloud/templates/notify_push/service.yaml b/charts/nextcloud/templates/notify_push/service.yaml new file mode 100644 index 00000000..40fa6a3d --- /dev/null +++ b/charts/nextcloud/templates/notify_push/service.yaml @@ -0,0 +1,35 @@ +{{- if .Values.notifyPush.enabled }} +{{- with .Values.notifyPush.service }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "nextcloud.fullname" $ }}-notify-push + labels: + {{- include "nextcloud.labels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 4 }} + app.kubernetes.io/monitor: enabled + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .type }} + {{- if eq .type "LoadBalancer" }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- end }} + selector: + {{- include "nextcloud.selectorLabels" ( dict "component" "notify-push" "rootContext" $ ) | nindent 4 }} + ports: + - name: http + port: 80 + targetPort: http + - name: metrics + port: 9100 + targetPort: metrics +{{- end }} +{{- end }} diff --git a/charts/nextcloud/templates/metrics/prometheus-rules.yaml b/charts/nextcloud/templates/prometheus-rules.yaml similarity index 91% rename from charts/nextcloud/templates/metrics/prometheus-rules.yaml rename to charts/nextcloud/templates/prometheus-rules.yaml index 3eaa8946..5df650f7 100644 --- a/charts/nextcloud/templates/metrics/prometheus-rules.yaml +++ b/charts/nextcloud/templates/prometheus-rules.yaml @@ -1,4 +1,4 @@ -{{- if .Values.metrics.rules.enabled }} +{{- if .Values.prometheus.rules.enabled }} {{- $fullname := include "nextcloud.fullname" . }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule 
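Review bot: The container `securityContext` is hard-coded to `runAsUser: 1000` / `runAsNonRoot: true`, and neither `notifyPush.securityContext` nor `notifyPush.podSecurityContext` (both added to values.yaml and the README in this commit) is read anywhere in this template, so hardening an operator sets there is silently discarded. The template also reads `.Values.notifyPush.https`, which values.yaml does not declare, so `NEXTCLOUD_URL` is always plain `http` unless a user discovers the key. With the default `podAnnotations: {}` the unconditional `annotations:` block renders as `{}`; wrapping it in `with`, as is done for `podLabels`, would be consistent. Suggested wiring for the two contexts, keeping the current settings as the fallback and adding `allowPrivilegeEscalation: false` to it:

```yaml
    spec:
      {{- with .Values.notifyPush.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # … unchanged: imagePullSecrets, container name, image, env, ports, resources …
          securityContext:
            {{- with .Values.notifyPush.securityContext }}
            {{- toYaml . | nindent 12 }}
            {{- else }}
            runAsUser: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            {{- end }}
```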
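Review bot: The `metrics` port is published on the same Service as `http`, so setting `notifyPush.service.type` to `LoadBalancer` or `NodePort` exposes the Prometheus endpoint outside the cluster together with the push endpoint. Moving `metrics` to its own `ClusterIP` Service, as the exporter already has, would keep it internal; otherwise put a comment above the port, for example `# also exposed when service.type is not ClusterIP`. The README lists `notifyPush.service.nodePort`, but nothing in this template reads it, so the documented option has no effect.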
@@ -6,12 +6,12 @@ metadata: name: {{ $fullname }} labels: {{- include "nextcloud.labels" ( dict "rootContext" $ ) | nindent 4 }} - {{- with .Values.metrics.rules.labels }} + {{- with .Values.prometheus.rules.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: groups: - {{- with .Values.metrics.rules.defaults }} + {{- with .Values.prometheus.rules.defaults }} {{- if .enabled }} {{- $filter := .filter | default (printf `namespace="%s",job=~"^%s.*"` $.Release.Namespace $fullname) }} - name: {{ $fullname }}-Defaults @@ -52,7 +52,7 @@ spec: `}} {{- end }} {{- end }}{{/* end-with prometheus.rules.default */}} - {{- with .Values.metrics.rules.additionalRules }} + {{- with .Values.prometheus.rules.additionalRules }} - name: {{ $fullname }}-Additional rules: {{- toYaml . | nindent 8 }} diff --git a/charts/nextcloud/templates/service.yaml b/charts/nextcloud/templates/service.yaml index 78ac3b99..afef2d13 100644 --- a/charts/nextcloud/templates/service.yaml +++ b/charts/nextcloud/templates/service.yaml @@ -39,6 +39,4 @@ spec: nodePort: {{ . }} {{- end }} selector: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: app + {{- include "nextcloud.selectorLabels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} diff --git a/charts/nextcloud/templates/servicemonitor.yaml b/charts/nextcloud/templates/servicemonitor.yaml new file mode 100644 index 00000000..9a5f19d4 --- /dev/null +++ b/charts/nextcloud/templates/servicemonitor.yaml 
@@ -0,0 +1,37 @@ +{{- with .Values.prometheus.serviceMonitor }} +{{- if .enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "nextcloud.fullname" $ }} + namespace: {{ .namespace | default $.Release.Namespace | quote }} + labels: + {{- include "nextcloud.labels" ( dict "rootContext" $ ) | nindent 4 }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .jobLabel | quote }} + selector: + matchLabels: + {{- include "nextcloud.selectorLabels" ( dict "rootContext" $ ) | nindent 6 }} + app.kubernetes.io/monitor: enabled + namespaceSelector: + {{- with .namespaceSelector }} + {{- toYaml . | nindent 4 }} + {{- else }} + matchNames: + - {{ $.Release.Namespace | quote }} + {{- end }} + endpoints: + - port: metrics + path: "/metrics" + {{- with .interval }} + interval: {{ . }} + {{- end }} + {{- with .scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/nextcloud/test-values/notify_push.yaml b/charts/nextcloud/test-values/notify_push.yaml new file mode 100644 index 00000000..6e9b1bb8 --- /dev/null +++ b/charts/nextcloud/test-values/notify_push.yaml @@ -0,0 +1,10 @@ +redis: + enabled: true + +internalDatabase: + enabled: false +mariadb: + enabled: true + +notifyPush: + enabled: true diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 9c44fd28..43e783e3 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -421,11 +421,14 @@ externalDatabase: ## Use a existing secret existingSecret: enabled: false - # secretName: nameofsecret + # -- e.g. nameofsecret + secretName: usernameKey: db-username passwordKey: db-password - # hostKey: db-hostname-or-ip - # databaseKey: db-name + # -- e.g. db-hostname-or-ip + hostKey: + # -- e.g. db-name + databaseKey: ## ## MariaDB chart configuration 
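Review bot: The endpoint path changes from `/` in the deleted metrics ServiceMonitor to `/metrics` for every Service this monitor selects, including the existing exporter Service; please confirm the exporter answers on that path, otherwise its target goes down after the upgrade and alerting on it is lost. Since one ServiceMonitor now selects two Services through `app.kubernetes.io/monitor: enabled`, a comment above `matchLabels` naming both (the `-metrics` and `-notify-push` Services) would document why the `component` label was dropped from the selector.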
@@ -813,12 +816,89 @@ topologySpreadConstraints: [] affinity: {} -dnsConfig: {} -# Custom dns config for Nextcloud containers. -# You can for example configure ndots. This may be needed in some clusters with alpine images. -# options: -# - name: ndots -# value: "1" +dnsConfig: + # -- Custom dns config for Nextcloud containers. + # You can for example configure ndots. This may be needed in some clusters with alpine images. + # options: + # - name: ndots + # value: "1" + options: [] + + +# Notify Push (Clientpush) +notifyPush: + # -- Enable another deployment to handle notify_push (sometimes called ClientPush) + # @section -- Notify Push (Clientpush) + enabled: false + # -- Setup notify_push on nextcloud per docker-entrypoint-hooks before start + # @section -- Notify Push (Clientpush) + autoSetup: false + + # -- Number of notify-push pod replicas to deploy + # @section -- Notify Push (Clientpush) + replicaCount: 1 + + image: + # -- notify-push image registry + # @section -- Notify Push (Clientpush) + registry: docker.io + # -- notify-push image name (there is no official image yet: https://github.com/nextcloud/notify_push/issues/106) + # @section -- Notify Push (Clientpush) + repository: miles170/notify_push + # -- notify-push image tag + # @section -- Notify Push (Clientpush) + tag: v1.0.0 + # -- notify-push image pull policy + # @section -- Notify Push (Clientpush) + pullPolicy: IfNotPresent + # -- notify-push image pull secrets + # e.g. 
+ # - myRegistrKeySecretName + # @section -- Notify Push (Clientpush) + pullSecrets: [] + + # -- option additional env (if a external redis is used, you need to set REDIS_URL) + # @section -- Notify Push (Clientpush) + extraEnv: [] + + # -- Additional annotations for notify-push pods + # @section -- Notify Push (Clientpush) + podAnnotations: {} + # -- Additional labels for notify-push pods + # @section -- Notify Push (Clientpush) + podLabels: {} + # -- Optional security context for the notify-push pod + # @section -- Notify Push (Clientpush) + podSecurityContext: {} + + # -- Optional security context for the notify-push container + # @section -- Notify Push (Clientpush) + securityContext: {} + # -- notify-push resources + # @section -- Notify Push (Clientpush) + resources: {} + + service: + # -- notify-push: Kubernetes Service type + # @section -- Notify Push (Clientpush) + type: ClusterIP + # -- Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank + # @section -- Notify Push (Clientpush) + loadBalancerIP: + # -- Additional annotations for service notify-push + # @section -- Notify Push (Clientpush) + annotations: {} + # -- Additional labels for service notify-push + # @section -- Notify Push (Clientpush) + labels: {} + + ingress: + # -- Add path in default ingress to notify_push service + # @section -- Notify Push (Clientpush) + path: /push + # -- PathType for additional path in default ingress for notify-push path + # @section -- Notify Push (Clientpush) + pathType: Prefix imaginary: # -- Start Imgaginary @@ -973,8 +1053,9 @@ metrics: # seccompProfile: # type: RuntimeDefault +prometheus: ## Prometheus Operator ServiceMonitor configuration - ## + ## collects data from nextcloud metrics and notify_push if enabled serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator ## From 8ab29bbe27670db85f7f5ae4b0a6fc0584cb5d9f Mon Sep 17 00:00:00 2001 
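Review bot: The default `notifyPush.image` is a third-party repository (`miles170/notify_push`, which the added comment itself says is not an official image) identified only by the mutable tag `v1.0.0` with `pullPolicy: IfNotPresent`, so the chart runs whatever that tag resolves to at first pull. The `extraEnv` comment indicates the container is handed `REDIS_URL`, and it presumably receives database connection settings as well, so the image's provenance matters. The `tag` comment should at least recommend digest pinning, e.g. `# -- notify-push image tag; for production pin by digest (v1.0.0@sha256:<digest>)`, after confirming that the deployment template, which is outside this hunk, renders such a value correctly. `podSecurityContext: {}` and `securityContext: {}` also leave the container on the image's defaults; a commented hardening example like the `seccompProfile: RuntimeDefault` one in the metrics section (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true`) would give operators a starting point.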
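Review bot: The context line `## @param metrics.serviceMonitor.enabled ...` directly below the new `prometheus:` key still documents the old path, so after this hunk it should read `## @param prometheus.serviceMonitor.enabled`. The rest of the `serviceMonitor` block continues past the hunk, and its remaining `@param metrics.*` comments likely need the same rename.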
From: WrenIX Date: Fri, 24 Jan 2025 10:18:53 +0100 Subject: [PATCH 2/3] fix(ci): add notifyPush test - WIP Signed-off-by: WrenIX --- .github/workflows/lint-test.yaml | 27 +++++++++++++++---- charts/nextcloud/test-values/notify_push.yaml | 9 +++++++ 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index bbb9a0b0..96c0af8c 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -83,10 +83,6 @@ jobs: - name: Horizontal Pod Autoscaling Enabled helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/hpa.yaml"' - # test the helm chart with notify push enabled - - name: Notify Push Enabled - helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/notify_push.yaml"' - # test the helm chart with s3 as the primary storage - name: S3 Enabled as Primary Storage # we need to skip the clean up so we can test adding a file @@ -96,7 +92,8 @@ jobs: # test the helm chart with imaginary - name: Imaginary Enabled - helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml" + helm_args: | + --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml" test: true # test the helm chart with extra manifests @@ -107,6 +104,12 @@ jobs: helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/extra-manifests-map.yaml" test: true + # test the helm chart with notify push enabled + - name: Notify Push Enabled + helm_args: | + --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/notify_push.yaml" + testNotifyPush: true + steps: - name: Checkout uses: actions/checkout@v6 
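Review bot: The two `helm_args` values rewritten as `|` literal blocks (Imaginary and the new Notify Push case) now end in a newline, unlike the single-line entries around them such as the extra-manifests case. The step that substitutes `helm_args` into the chart-testing command is outside these hunks, so whether the trailing newline matters cannot be confirmed here. Using `helm_args: >-` keeps the long value on its own line without adding the newline.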
@@ -173,6 +176,20 @@ jobs: kubectl logs --ignore-errors --prefix -l app.kubernetes.io/name=nextcloud exit $EXIT + - name: Run test for Notify Push + if: matrix.test_cases.testNotifyPush + # applies a kubernetes job that uploads a file and then checks log of finished pod + run: | + EXIT=0 + kubectl config set-context --current --namespace=nextcloud + POD=$(kubectl get pods -o name --selector "app.kubernetes.io/component=app") + (kubectl wait --for=condition=Ready --timeout=2m "${POD}" && sleep 60) || EXIT=1 + kubectl exec --stdin "${POD}" -c nextcloud -- sh -c ' + chsh -s /bin/sh www-data + su -l www-data -c "/var/www/html/occ notify_push:self-test" + ' || EXIT=1 + exit $EXIT + summary: runs-on: ubuntu-latest-low needs: [changes, test] diff --git a/charts/nextcloud/test-values/notify_push.yaml b/charts/nextcloud/test-values/notify_push.yaml index 6e9b1bb8..5167e8f9 100644 --- a/charts/nextcloud/test-values/notify_push.yaml +++ b/charts/nextcloud/test-values/notify_push.yaml @@ -1,3 +1,11 @@ +fullnameOverride: nextcloud + +nextcloud: + host: "nextcloud.nextcloud.svc.cluster.local" + trustedDomains: + - 'nextcloud.nextcloud.svc.cluster.local' + - 'nextcloud' + redis: enabled: true @@ -8,3 +16,4 @@ mariadb: notifyPush: enabled: true + autoSetup: true From dc4094b4a651d05e7ca97ca1c7b42d3e00336189 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Wed, 12 Feb 2025 17:24:00 +0100 Subject: [PATCH 3/3] fix(ci): add notifyPush test - WIP by setup ingress Signed-off-by: WrenIX --- .github/workflows/lint-test.yaml | 6 ++++++ charts/nextcloud/test-values/notify_push.yaml | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 96c0af8c..3a0a64c5 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
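Review bot: The comment on the new "Run test for Notify Push" step (`# applies a kubernetes job that uploads a file and then checks log of finished pod`) was carried over from another step and does not describe it; the step execs into the app pod and runs `occ notify_push:self-test`, so something like `# waits for the app pod, then runs occ notify_push:self-test inside it as www-data` would be accurate. The `chsh -s /bin/sh www-data` line rewrites the account's login shell inside the running container only to make `su` work; `su -s /bin/sh www-data -c "/var/www/html/occ notify_push:self-test"` achieves the same without modifying the container. `POD=$(kubectl get pods -o name --selector ...)` also assumes exactly one matching pod, so a second replica would put two names into `"${POD}"`.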
@@ -109,6 +109,7 @@ jobs: helm_args: | --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/notify_push.yaml" testNotifyPush: true + ingress: true steps: - name: Checkout @@ -156,6 +157,11 @@ jobs: --values .github/tests/minio_test_values.yaml \ minio/minio + - name: Install Ingress + if: matrix.test_cases.ingress + run: | + kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml + - name: Run chart-testing (install ${{ matrix.test_cases.name }}) id: install if: steps.list-changed.outputs.changed == 'true' diff --git a/charts/nextcloud/test-values/notify_push.yaml b/charts/nextcloud/test-values/notify_push.yaml index 5167e8f9..05b3aeb5 100644 --- a/charts/nextcloud/test-values/notify_push.yaml +++ b/charts/nextcloud/test-values/notify_push.yaml @@ -1,11 +1,15 @@ fullnameOverride: nextcloud nextcloud: - host: "nextcloud.nextcloud.svc.cluster.local" + host: "ingress-nginx-controller.ingress-nginx.svc" trustedDomains: - 'nextcloud.nextcloud.svc.cluster.local' + - 'ingress-nginx-controller.ingress-nginx.svc' - 'nextcloud' +ingress: + enabled: true + redis: enabled: true
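Review bot: The new "Install Ingress" step applies a manifest fetched at run time from `https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml`, an unversioned URL whose content can change between runs, so the workflow executes whatever is served there with cluster-admin rights in the CI cluster and the test is not reproducible. Vendoring a reviewed copy next to the existing `.github/tests/minio_test_values.yaml` and applying it locally, e.g. `kubectl apply -f .github/tests/<ingress-nginx-manifest>.yaml`, or pinning the URL to a specific commit, removes that dependency. The step also does not wait for the controller before the chart is installed; `kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s` after the apply would avoid the Ingress being created while the controller's admission webhook is still starting.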