gitea_admin/k8s-and-chill
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat: Replace Nextcloud with oCIS (ownCloud Infinite Scale)

Browse source 
Removes the full Nextcloud stack (PostgreSQL/CNPG, Valkey, Caddy sidecar)
and replaces it with oCIS at drive.tr1ceracop.de. oCIS is self-contained
(no external DB/cache needed) with S3ng storage backend on Hetzner Object
Storage (bucket: ocis-tr1ceracop). Chart sourced from git via vendir since
it is not published to a Helm repo.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Felix Wolf 2026-04-04 20:19:54 +02:00
parent d1959dd6cf
commit ffa171bfb0
127 changed files with 5781 additions and 1151 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml
View file

@ -1,16 +0,0 @@
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.all, expects="1+"
---
#@overlay/match-child-defaults missing_ok=True
spec:
ignoreDifferences:
- group: batch
kind: Job
jsonPointers:
- /spec/selector
- /spec/template/metadata/labels
syncPolicy:
syncOptions:
#@overlay/append
- RespectIgnoreDifferences=true

2
envs/production/_apps/nextcloud/app-data.ytt.yaml → envs/production/_apps/ocis/app-data.ytt.yaml
View file

@ -2,4 +2,4 @@
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: nextcloud
namespace: ocis

2
envs/production/env-data.ytt.yaml
View file

@ -14,4 +14,4 @@ environment:
- proto: hcloud-csi
- proto: cloudnative-pg
- proto: metrics-server
- proto: nextcloud
- proto: ocis

198
prototypes/nextcloud/helm/nextcloud.yaml
View file

@ -1,198 +0,0 @@
---
_hostname: &hostname nextcloud.tr1ceracop.de
replicaCount: 1
image:
flavor: fpm-alpine
nginx:
enabled: false
nextcloud:
host: *hostname
existingSecret:
enabled: true
secretName: nextcloud-admin-secret
usernameKey: nextcloud-username
passwordKey: nextcloud-password
objectStore:
s3:
enabled: true
bucket: nextcloud-tr1ceracop
host: nbg1.your-objectstorage.com
port: "443"
ssl: true
region: nbg1
usePathStyle: true
existingSecret: nextcloud-s3-credentials
secretKeys:
accessKey: ACCESS_KEY_ID
secretKey: SECRET_ACCESS_KEY
defaultConfigs:
.htaccess: false
apache-pretty-urls.config.php: false
apcu.config.php: false
apps.config.php: false
autoconfig.php: false
redis.config.php: false
reverse-proxy.config.php: false
s3.config.php: false
smtp.config.php: false
swift.config.php: false
upgrade-disable-web.config.php: false
helm-metrics.config.php: false
extraEnv:
- name: TRUSTED_PROXIES
value: "10.0.0.0/8"
- name: OVERWRITEPROTOCOL
value: "https"
- name: OVERWRITEHOST
value: *hostname
- name: OVERWRITECLIURL
value: "https://nextcloud.tr1ceracop.de"
- name: NC_default_phone_region
value: "DE"
phpConfigs:
uploadLimit.ini: |
upload_max_filesize = 16G
post_max_size = 16G
max_input_time = 3600
max_execution_time = 3600
opcache.ini: |
opcache.enable=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=10000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=60
extraSidecarContainers:
- name: caddy
image: caddy:2-alpine
ports:
- name: http
containerPort: 80
protocol: TCP
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/data
subPath: data
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: caddy-config
mountPath: /etc/caddy
resources:
requests:
cpu: 50m
memory: 32Mi
limits:
memory: 64Mi
livenessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: *hostname
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: *hostname
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 5
extraVolumes:
- name: caddy-config
configMap:
name: nextcloud-caddy-config
strategy:
type: Recreate
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: nextcloud-cnpg-rw.nextcloud.svc:5432
database: nextcloud
existingSecret:
enabled: true
secretName: nextcloud-cnpg-app
usernameKey: username
passwordKey: password
mariadb:
enabled: false
postgresql:
enabled: false
redis:
enabled: false
externalRedis:
enabled: true
host: nextcloud-valkey.nextcloud.svc
port: "6379"
existingSecret:
enabled: true
secretName: nextcloud-valkey-password
passwordKey: password
cronjob:
enabled: true
persistence:
enabled: true
size: 2Gi
storageClass: local-path
annotations:
helm.sh/resource-policy: keep
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt
tls:
- secretName: nextcloud-tls
hosts:
- *hostname
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
memory: 512Mi

8
prototypes/nextcloud/vendir/vendir-data.ytt.yaml
View file

@ -1,8 +0,0 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
#! renovate: datasource=helm
name: nextcloud
url: https://nextcloud.github.io/helm/
version: 9.0.4

85
prototypes/nextcloud/ytt/admin-secret-job.ytt.yaml
View file

@ -1,85 +0,0 @@
#@ load("@ytt:data", "data")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nextcloud-secret-init
namespace: #@ ns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nextcloud-secret-init
namespace: #@ ns
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nextcloud-secret-init
namespace: #@ ns
subjects:
- kind: ServiceAccount
name: nextcloud-secret-init
namespace: #@ ns
roleRef:
kind: Role
name: nextcloud-secret-init
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: nextcloud-secret-init
namespace: #@ ns
annotations:
argocd.argoproj.io/sync-options: Replace=true
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: nextcloud-secret-init
restartPolicy: OnFailure
containers:
- name: init
image: alpine/k8s:1.32.3
command:
- sh
- -c
- |
set -e
if ! kubectl get secret nextcloud-admin-secret -n ${NAMESPACE} >/dev/null 2>&1; then
PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
kubectl create secret generic nextcloud-admin-secret \
-n ${NAMESPACE} \
--from-literal=nextcloud-username=admin \
--from-literal=nextcloud-password="${PASSWORD}"
echo "Created nextcloud-admin-secret"
else
echo "nextcloud-admin-secret already exists, skipping"
fi
if ! kubectl get secret nextcloud-valkey-password -n ${NAMESPACE} >/dev/null 2>&1; then
VALKEY_PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
kubectl create secret generic nextcloud-valkey-password \
-n ${NAMESPACE} \
--from-literal=password="${VALKEY_PASSWORD}"
echo "Created nextcloud-valkey-password"
else
echo "nextcloud-valkey-password already exists, skipping"
fi
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace

61
prototypes/nextcloud/ytt/caddy.ytt.yaml
View file

@ -1,61 +0,0 @@
#@ load("@ytt:data", "data")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-caddy-config
namespace: #@ ns
data:
Caddyfile: |
:80 {
root * /var/www/html
header {
Referrer-Policy "no-referrer"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-Permitted-Cross-Domain-Policies "none"
X-Robots-Tag "noindex, nofollow"
X-XSS-Protection "1; mode=block"
-X-Powered-By
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
redir /.well-known/* /index.php{uri} 301
@blocked path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
respond @blocked 404
@davclnt {
path /
header User-Agent DavClnt*
}
redir @davclnt /remote.php/webdav/ 302
redir /remote /remote.php{uri} 301
php_fastcgi 127.0.0.1:9000 {
env HTTPS on
env modHeadersAvailable true
env front_controller_active true
resolve_root_symlink
}
@static path *.css *.js *.mjs *.svg *.gif *.ico *.jpg *.png *.webp *.wasm *.tflite *.map *.ogg *.flac
header @static Cache-Control "max-age=15778463"
@fonts path *.otf *.woff *.woff2
header @fonts Cache-Control "max-age=604800"
encode gzip
file_server
request_body {
max_size 16GB
}
}

36
prototypes/nextcloud/ytt/cnpg-cluster.ytt.yaml
View file

@ -1,36 +0,0 @@
#@ load("@ytt:data", "data")
#@ ns = data.values.application.namespace
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: nextcloud-cnpg
namespace: #@ ns
spec:
instances: 2
bootstrap:
initdb:
database: nextcloud
owner: nextcloud
storage:
size: 5Gi
storageClass: hcloud-volumes
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 512Mi
postgresql:
parameters:
shared_buffers: "64MB"
effective_cache_size: "128MB"
work_mem: "4MB"
maintenance_work_mem: "32MB"
max_connections: "100"

78
prototypes/nextcloud/ytt/valkey.ytt.yaml
View file

@ -1,78 +0,0 @@
#@ load("@ytt:data", "data")
#@ ns = data.values.application.namespace
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud-valkey
namespace: #@ ns
labels:
app.kubernetes.io/name: valkey
app.kubernetes.io/instance: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: valkey
app.kubernetes.io/instance: nextcloud
template:
metadata:
labels:
app.kubernetes.io/name: valkey
app.kubernetes.io/instance: nextcloud
spec:
containers:
- name: valkey
image: valkey/valkey:8-alpine
args:
- valkey-server
- --requirepass
- $(VALKEY_PASSWORD)
env:
- name: VALKEY_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-valkey-password
key: password
ports:
- name: valkey
containerPort: 6379
protocol: TCP
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
memory: 128Mi
livenessProbe:
tcpSocket:
port: valkey
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
tcpSocket:
port: valkey
initialDelaySeconds: 5
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-valkey
namespace: #@ ns
labels:
app.kubernetes.io/name: valkey
app.kubernetes.io/instance: nextcloud
spec:
type: ClusterIP
ports:
- port: 6379
targetPort: valkey
protocol: TCP
name: valkey
selector:
app.kubernetes.io/name: valkey
app.kubernetes.io/instance: nextcloud

2
prototypes/nextcloud/app-data.ytt.yaml → prototypes/ocis/app-data.ytt.yaml
View file

@ -2,4 +2,4 @@
---
#@overlay/match-child-defaults missing_ok=True
application:
namespace: nextcloud
namespace: ocis

83
prototypes/ocis/helm/ocis.yaml Normal file
View file

@ -0,0 +1,83 @@
---
externalDomain: drive.tr1ceracop.de
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt
tls:
- secretName: ocis-tls
hosts:
- drive.tr1ceracop.de
features:
emailNotifications:
enabled: false
secretRefs:
s3CredentialsSecretRef: ocis-s3-credentials
services:
storageusers:
storageBackend:
driver: s3ng
driverConfig:
s3ng:
endpoint: https://nbg1.your-objectstorage.com
region: nbg1
bucket: ocis-tr1ceracop
persistence:
enabled: true
storageClassName: local-path
size: 5Gi
accessModes:
- ReadWriteOnce
storagesystem:
persistence:
enabled: true
storageClassName: local-path
size: 5Gi
accessModes:
- ReadWriteOnce
idm:
persistence:
enabled: true
storageClassName: local-path
size: 1Gi
accessModes:
- ReadWriteOnce
nats:
persistence:
enabled: true
storageClassName: local-path
size: 1Gi
accessModes:
- ReadWriteOnce
search:
persistence:
enabled: true
storageClassName: local-path
size: 5Gi
accessModes:
- ReadWriteOnce
web:
persistence:
enabled: true
storageClassName: local-path
size: 1Gi
accessModes:
- ReadWriteOnce
thumbnails:
persistence:
enabled: true
storageClassName: local-path
size: 2Gi
accessModes:
- ReadWriteOnce

9
prototypes/nextcloud/vendir/base.ytt.yaml → prototypes/ocis/vendir/base.ytt.yaml
View file

@ -8,9 +8,8 @@ directories:
- path: #@ "charts/" + app.name
contents:
- path: .
helmChart:
name: #@ app.name
version: #@ app.version
repository:
url: #@ app.url
git:
url: #@ app.gitUrl
ref: #@ app.gitRef
newRootPath: #@ app.chartPath
lazy: true

8
prototypes/ocis/vendir/vendir-data.ytt.yaml Normal file
View file

@ -0,0 +1,8 @@
#@data/values-schema
---
#@overlay/match-child-defaults missing_ok=True
application:
name: ocis
gitUrl: https://github.com/owncloud/ocis-charts.git
gitRef: main
chartPath: charts/ocis

0
prototypes/nextcloud/ytt/ns.ytt.yaml → prototypes/ocis/ytt/ns.ytt.yaml
View file

77
prototypes/ocis/ytt/s3-secret-job.ytt.yaml Normal file
View file

@ -0,0 +1,77 @@
#@ load("@ytt:data", "data")
#@ ns = data.values.application.namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ocis-secret-init
namespace: #@ ns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ocis-secret-init
namespace: #@ ns
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ocis-secret-init
namespace: #@ ns
subjects:
- kind: ServiceAccount
name: ocis-secret-init
namespace: #@ ns
roleRef:
kind: Role
name: ocis-secret-init
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: ocis-secret-init
namespace: #@ ns
annotations:
argocd.argoproj.io/sync-options: Replace=true
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: ocis-secret-init
restartPolicy: OnFailure
containers:
- name: init
image: alpine/k8s:1.32.3
command:
- sh
- -c
- |
set -e
SECRET_NAME="ocis-s3-credentials"
if ! kubectl get secret "${SECRET_NAME}" -n ${NAMESPACE} >/dev/null 2>&1; then
echo "ERROR: Secret ${SECRET_NAME} does not exist in namespace ${NAMESPACE}."
echo "Please create it manually with keys 'accessKey' and 'secretKey':"
echo " kubectl create secret generic ${SECRET_NAME} -n ${NAMESPACE} \\"
echo " --from-literal=accessKey=<your-access-key> \\"
echo " --from-literal=secretKey=<your-secret-key>"
exit 1
else
echo "Secret ${SECRET_NAME} exists, OK"
fi
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace

13
rendered/argocd/production/app-nextcloud.yaml → rendered/argocd/production/app-ocis.yaml
View file

@ -5,21 +5,15 @@ metadata:
myks.dev/environment: production
finalizers:
- resources-finalizer.argocd.argoproj.io
name: app-production-nextcloud
name: app-production-ocis
namespace: argocd
spec:
destination:
namespace: nextcloud
namespace: ocis
server: https://kubernetes.default.svc
ignoreDifferences:
- group: batch
jsonPointers:
- /spec/selector
- /spec/template/metadata/labels
kind: Job
project: env-production
source:
path: rendered/envs/production/nextcloud
path: rendered/envs/production/ocis
repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
targetRevision: main
syncPolicy:
@ -29,4 +23,3 @@ spec:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true

29
rendered/envs/production/nextcloud/cluster-nextcloud-cnpg.yaml
View file

@ -1,29 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
name: nextcloud-cnpg
namespace: nextcloud
spec:
bootstrap:
initdb:
database: nextcloud
owner: nextcloud
instances: 2
postgresql:
parameters:
effective_cache_size: 128MB
maintenance_work_mem: 32MB
max_connections: "100"
shared_buffers: 64MB
work_mem: 4MB
resources:
limits:
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
storage:
size: 5Gi
storageClass: hcloud-volumes

58
rendered/envs/production/nextcloud/configmap-nextcloud-caddy-config.yaml
View file

@ -1,58 +0,0 @@
apiVersion: v1
data:
Caddyfile: |
:80 {
root * /var/www/html
header {
Referrer-Policy "no-referrer"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-Permitted-Cross-Domain-Policies "none"
X-Robots-Tag "noindex, nofollow"
X-XSS-Protection "1; mode=block"
-X-Powered-By
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
redir /.well-known/* /index.php{uri} 301
@blocked path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
respond @blocked 404
@davclnt {
path /
header User-Agent DavClnt*
}
redir @davclnt /remote.php/webdav/ 302
redir /remote /remote.php{uri} 301
php_fastcgi 127.0.0.1:9000 {
env HTTPS on
env modHeadersAvailable true
env front_controller_active true
resolve_root_symlink
}
@static path *.css *.js *.mjs *.svg *.gif *.ico *.jpg *.png *.webp *.wasm *.tflite *.map *.ogg *.flac
header @static Cache-Control "max-age=15778463"
@fonts path *.otf *.woff *.woff2
header @fonts Cache-Control "max-age=604800"
encode gzip
file_server
request_body {
max_size 16GB
}
}
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
name: nextcloud-caddy-config
namespace: nextcloud

26
rendered/envs/production/nextcloud/configmap-nextcloud-phpconfig.yaml
View file

@ -1,26 +0,0 @@
apiVersion: v1
data:
opcache.ini: |-
opcache.enable=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=10000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=60
uploadLimit.ini: |-
upload_max_filesize = 16G
post_max_size = 16G
max_input_time = 3600
max_execution_time = 3600
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud-phpconfig
namespace: nextcloud

55
rendered/envs/production/nextcloud/deployment-nextcloud-valkey.yaml
View file

@ -1,55 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: valkey
name: nextcloud-valkey
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: valkey
template:
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: valkey
spec:
containers:
- args:
- valkey-server
- --requirepass
- $(VALKEY_PASSWORD)
env:
- name: VALKEY_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: nextcloud-valkey-password
image: valkey/valkey:8-alpine
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
tcpSocket:
port: valkey
name: valkey
ports:
- containerPort: 6379
name: valkey
protocol: TCP
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
tcpSocket:
port: valkey
resources:
limits:
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi

358
rendered/envs/production/nextcloud/deployment-nextcloud.yaml
View file

@ -1,358 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: nextcloud
strategy:
type: Recreate
template:
metadata:
annotations:
hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
nextcloud-config-hash: 97fd373864ae7c5da0eb066761ee479483364e3957160cacca360fc6a66c03f7
php-config-hash: b638f66fd8d65de8364dbad6efc59a6524c7b2e2377b5623cf5e921e4d3d2400
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: nextcloud
spec:
containers:
- env:
- name: POSTGRES_HOST
value: nextcloud-cnpg-rw.nextcloud.svc:5432
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: nextcloud-cnpg-app
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: nextcloud-cnpg-app
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
key: nextcloud-username
name: nextcloud-admin-secret
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: nextcloud-password
name: nextcloud-admin-secret
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.tr1ceracop.de
- name: OPENMETRICS_ALLOWED_CLIENTS
value: 127.0.0.1,10.42.0.0/16,10.43.0.0/16
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
- name: REDIS_HOST
value: nextcloud-valkey.nextcloud.svc
- name: REDIS_HOST_PORT
value: "6379"
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: nextcloud-valkey-password
- name: OBJECTSTORE_S3_SSL
value: "true"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_AUTOCREATE
value: "false"
- name: OBJECTSTORE_S3_REGION
value: nbg1
- name: OBJECTSTORE_S3_PORT
value: "443"
- name: OBJECTSTORE_S3_STORAGE_CLASS
value: STANDARD
- name: OBJECTSTORE_S3_HOST
value: nbg1.your-objectstorage.com
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud-tr1ceracop
- name: OBJECTSTORE_S3_KEY
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SECRET
valueFrom:
secretKeyRef:
key: SECRET_ACCESS_KEY
name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SSE_C_KEY
value: ""
- name: TRUSTED_PROXIES
value: 10.0.0.0/8
- name: OVERWRITEPROTOCOL
value: https
- name: OVERWRITEHOST
value: nextcloud.tr1ceracop.de
- name: OVERWRITECLIURL
value: https://nextcloud.tr1ceracop.de
- name: NC_default_phone_region
value: DE
image: docker.io/library/nextcloud:33.0.0-fpm-alpine
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: nextcloud.tr1ceracop.de
path: /status.php
port: 80
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: nextcloud
ports:
- containerPort: 80
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
httpHeaders:
- name: Host
value: nextcloud.tr1ceracop.de
path: /status.php
port: 80
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
memory: 512Mi
requests:
cpu: 200m
memory: 256Mi
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main
subPath: root
- mountPath: /var/www/html
name: nextcloud-main
subPath: html
- mountPath: /var/www/html/data
name: nextcloud-main
subPath: data
- mountPath: /var/www/html/config
name: nextcloud-main
subPath: config
- mountPath: /var/www/html/custom_apps
name: nextcloud-main
subPath: custom_apps
- mountPath: /var/www/tmp
name: nextcloud-main
subPath: tmp
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
- mountPath: /usr/local/etc/php/conf.d/opcache.ini
name: nextcloud-phpconfig
subPath: opcache.ini
- mountPath: /usr/local/etc/php/conf.d/uploadLimit.ini
name: nextcloud-phpconfig
subPath: uploadLimit.ini
- command:
- /cron.sh
env:
- name: POSTGRES_HOST
value: nextcloud-cnpg-rw.nextcloud.svc:5432
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: nextcloud-cnpg-app
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: nextcloud-cnpg-app
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
key: nextcloud-username
name: nextcloud-admin-secret
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: nextcloud-password
name: nextcloud-admin-secret
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.tr1ceracop.de
- name: OPENMETRICS_ALLOWED_CLIENTS
value: 127.0.0.1,10.42.0.0/16,10.43.0.0/16
- name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data
- name: REDIS_HOST
value: nextcloud-valkey.nextcloud.svc
- name: REDIS_HOST_PORT
value: "6379"
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: nextcloud-valkey-password
- name: OBJECTSTORE_S3_SSL
value: "true"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_AUTOCREATE
value: "false"
- name: OBJECTSTORE_S3_REGION
value: nbg1
- name: OBJECTSTORE_S3_PORT
value: "443"
- name: OBJECTSTORE_S3_STORAGE_CLASS
value: STANDARD
- name: OBJECTSTORE_S3_HOST
value: nbg1.your-objectstorage.com
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud-tr1ceracop
- name: OBJECTSTORE_S3_KEY
valueFrom:
secretKeyRef:
key: ACCESS_KEY_ID
name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SECRET
valueFrom:
secretKeyRef:
key: SECRET_ACCESS_KEY
name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SSE_C_KEY
value: ""
- name: TRUSTED_PROXIES
value: 10.0.0.0/8
- name: OVERWRITEPROTOCOL
value: https
- name: OVERWRITEHOST
value: nextcloud.tr1ceracop.de
- name: OVERWRITECLIURL
value: https://nextcloud.tr1ceracop.de
- name: NC_default_phone_region
value: DE
image: docker.io/library/nextcloud:33.0.0-fpm-alpine
imagePullPolicy: IfNotPresent
name: nextcloud-cron
resources: {}
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main
subPath: root
- mountPath: /var/www/html
name: nextcloud-main
subPath: html
- mountPath: /var/www/html/data
name: nextcloud-main
subPath: data
- mountPath: /var/www/html/config
name: nextcloud-main
subPath: config
- mountPath: /var/www/html/custom_apps
name: nextcloud-main
subPath: custom_apps
- mountPath: /var/www/tmp
name: nextcloud-main
subPath: tmp
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
- mountPath: /usr/local/etc/php/conf.d/opcache.ini
name: nextcloud-phpconfig
subPath: opcache.ini
- mountPath: /usr/local/etc/php/conf.d/uploadLimit.ini
name: nextcloud-phpconfig
subPath: uploadLimit.ini
- image: caddy:2-alpine
livenessProbe:
httpGet:
httpHeaders:
- name: Host
value: nextcloud.tr1ceracop.de
path: /status.php
port: 80
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 5
name: caddy
ports:
- containerPort: 80
name: http
protocol: TCP
readinessProbe:
httpGet:
httpHeaders:
- name: Host
value: nextcloud.tr1ceracop.de
path: /status.php
port: 80
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 5
resources:
limits:
memory: 64Mi
requests:
cpu: 50m
memory: 32Mi
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main
subPath: root
- mountPath: /var/www/html
name: nextcloud-main
subPath: html
- mountPath: /var/www/html/data
name: nextcloud-main
subPath: data
- mountPath: /var/www/html/config
name: nextcloud-main
subPath: config
- mountPath: /var/www/html/custom_apps
name: nextcloud-main
subPath: custom_apps
- mountPath: /var/www/tmp
name: nextcloud-main
subPath: tmp
- mountPath: /var/www/html/themes
name: nextcloud-main
subPath: themes
- mountPath: /etc/caddy
name: caddy-config
securityContext:
fsGroup: 33
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- configMap:
name: nextcloud-phpconfig
name: nextcloud-phpconfig
- configMap:
name: nextcloud-caddy-config
name: caddy-config

48
rendered/envs/production/nextcloud/job-nextcloud-secret-init.yaml
View file

@ -1,48 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
argocd.argoproj.io/sync-options: Replace=true
name: nextcloud-secret-init
namespace: nextcloud
spec:
template:
spec:
containers:
- command:
- sh
- -c
- |
set -e
if ! kubectl get secret nextcloud-admin-secret -n ${NAMESPACE} >/dev/null 2>&1; then
PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
kubectl create secret generic nextcloud-admin-secret \
-n ${NAMESPACE} \
--from-literal=nextcloud-username=admin \
--from-literal=nextcloud-password="${PASSWORD}"
echo "Created nextcloud-admin-secret"
else
echo "nextcloud-admin-secret already exists, skipping"
fi
if ! kubectl get secret nextcloud-valkey-password -n ${NAMESPACE} >/dev/null 2>&1; then
VALKEY_PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
kubectl create secret generic nextcloud-valkey-password \
-n ${NAMESPACE} \
--from-literal=password="${VALKEY_PASSWORD}"
echo "Created nextcloud-valkey-password"
else
echo "nextcloud-valkey-password already exists, skipping"
fi
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: alpine/k8s:1.32.3
name: init
restartPolicy: OnFailure
serviceAccountName: nextcloud-secret-init
ttlSecondsAfterFinished: 300

20
rendered/envs/production/nextcloud/service-nextcloud-valkey.yaml
View file

@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: valkey
name: nextcloud-valkey
namespace: nextcloud
spec:
ports:
- name: valkey
port: 6379
protocol: TCP
targetPort: valkey
selector:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: valkey
type: ClusterIP

26
rendered/envs/production/nextcloud/service-nextcloud.yaml
View file

@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/monitor: enabled
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud
namespace: nextcloud
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: nextcloud
type: ClusterIP

16
rendered/envs/production/ocis/configmap-appregistry-config.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
data:
app-registry.yaml: |
---
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: appregistry-config
namespace: ocis

10
rendered/envs/production/ocis/configmap-auth-service.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
service-account-id: 46ec47ba-00e9-4114-950c-5743e5be4cee
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: auth-service
namespace: ocis

10
rendered/envs/production/ocis/configmap-graph.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
application-id: 1160b6ab-f9d7-464e-96a3-f2a3568ce67f
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: graph
namespace: ocis

52
rendered/envs/production/ocis/configmap-proxy-config.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: v1
data:
csp.yaml: |
---
directives:
child-src:
- '''self'''
connect-src:
- '''self'''
default-src:
- '''none'''
font-src:
- '''self'''
frame-ancestors:
- '''self'''
frame-src:
- '''self'''
- 'blob:'
img-src:
- '''self'''
- 'data:'
- 'blob:'
manifest-src:
- '''self'''
media-src:
- '''self'''
object-src:
- '''self'''
- 'blob:'
script-src:
- '''self'''
- '''unsafe-inline'''
style-src:
- '''self'''
- '''unsafe-inline'''
proxy.yaml: |
---
policy_selector:
static:
policy: ocis
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: proxy-config
namespace: ocis

15
rendered/envs/production/ocis/configmap-sharing-banned-passwords-frontend.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
data:
sharing-banned-passwords.txt: ""
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: sharing-banned-passwords-frontend
namespace: ocis

15
rendered/envs/production/ocis/configmap-sharing-banned-passwords-sharing.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
data:
sharing-banned-passwords.txt: ""
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: sharing-banned-passwords-sharing
namespace: ocis

10
rendered/envs/production/ocis/configmap-storage-users.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
storage-uuid: e77de552-42dc-4d0d-ab83-2fdd35294451
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: storage-users
namespace: ocis

16
rendered/envs/production/ocis/configmap-thumbnails-cleanup-script-configmap.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
data:
thumbnails-cleanup-script.sh: |
#!/bin/sh
find /var/lib/ocis/thumbnails \
-atime \
30 \
-exec rm -rf {} \;
true
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
name: thumbnails-cleanup-script-configmap
namespace: ocis

18
rendered/envs/production/ocis/configmap-web-config.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: v1
data:
web.yaml: |
---
web:
config:
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: web-config
namespace: ocis

123
rendered/envs/production/ocis/cronjob-storage-users-clean-expired-uploads.yaml Normal file
View file

@ -0,0 +1,123 @@
apiVersion: batch/v1
kind: CronJob
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storage-users-clean-expired-uploads
namespace: ocis
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
template:
metadata:
labels:
app: storage-users-clean-expired-uploads
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-users
- uploads
- sessions
- --clean
- --expired
- --processing=false
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: STORAGE_USERS_LOG_COLOR
value: "false"
- name: STORAGE_USERS_LOG_LEVEL
value: info
- name: STORAGE_USERS_LOG_PRETTY
value: "false"
- name: STORAGE_USERS_DRIVER
value: s3ng
- name: STORAGE_USERS_S3NG_ENDPOINT
value: https://nbg1.your-objectstorage.com
- name: STORAGE_USERS_S3NG_REGION
value: nbg1
- name: STORAGE_USERS_S3NG_ACCESS_KEY
valueFrom:
secretKeyRef:
key: accessKey
name: ocis-s3-credentials
- name: STORAGE_USERS_S3NG_SECRET_KEY
valueFrom:
secretKeyRef:
key: secretKey
name: ocis-s3-credentials
- name: STORAGE_USERS_S3NG_BUCKET
value: ocis-tr1ceracop
- name: STORAGE_USERS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
- name: STORAGE_USERS_MOUNT_ID
valueFrom:
configMapKeyRef:
key: storage-uuid
name: storage-users
- name: STORAGE_USERS_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
name: storage-users-clean-expired-uploads
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /var/lib/ocis
name: storageusers-data
nodeSelector: {}
restartPolicy: Never
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: storageusers-data
persistentVolumeClaim:
claimName: storageusers-data
ttlSecondsAfterFinished: 86400
schedule: 0 * * * *
startingDeadlineSeconds: 600
successfulJobsHistoryLimit: 3
suspend: true

104
rendered/envs/production/ocis/cronjob-storage-users-purge-expired-trash-bin-items.yaml Normal file
View file

@ -0,0 +1,104 @@
apiVersion: batch/v1
kind: CronJob
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storage-users-purge-expired-trash-bin-items
namespace: ocis
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
template:
metadata:
labels:
app: storage-users-purge-expired-trash-bin-items
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-users
- trash-bin
- purge-expired
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: STORAGE_USERS_LOG_COLOR
value: "false"
- name: STORAGE_USERS_LOG_LEVEL
value: info
- name: STORAGE_USERS_LOG_PRETTY
value: "false"
- name: STORAGE_USERS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
- name: STORAGE_USERS_MOUNT_ID
valueFrom:
configMapKeyRef:
key: storage-uuid
name: storage-users
- name: STORAGE_USERS_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
name: storage-users-purge-expired-trash-bin-items
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /var/lib/ocis
name: storageusers-data
nodeSelector: {}
restartPolicy: Never
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: storageusers-data
persistentVolumeClaim:
claimName: storageusers-data
ttlSecondsAfterFinished: 86400
schedule: 0 * * * *
startingDeadlineSeconds: 600
successfulJobsHistoryLimit: 3
suspend: true

106
rendered/envs/production/ocis/cronjob-storage-users-restart-postprocessing.yaml Normal file
View file

@ -0,0 +1,106 @@
apiVersion: batch/v1
kind: CronJob
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storage-users-restart-postprocessing
namespace: ocis
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
template:
metadata:
labels:
app: storage-users-restart-postprocessing
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-users
- uploads
- sessions
- --restart
- --processing=true
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: STORAGE_USERS_LOG_COLOR
value: "false"
- name: STORAGE_USERS_LOG_LEVEL
value: info
- name: STORAGE_USERS_LOG_PRETTY
value: "false"
- name: STORAGE_USERS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
- name: STORAGE_USERS_MOUNT_ID
valueFrom:
configMapKeyRef:
key: storage-uuid
name: storage-users
- name: STORAGE_USERS_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
name: storage-users-restart-postprocessing
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /var/lib/ocis
name: storageusers-data
nodeSelector: {}
restartPolicy: Never
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: storageusers-data
persistentVolumeClaim:
claimName: storageusers-data
ttlSecondsAfterFinished: 86400
schedule: 0 * * * *
startingDeadlineSeconds: 600
successfulJobsHistoryLimit: 3
suspend: true

66
rendered/envs/production/ocis/cronjob-thumbnails-cleanup.yaml Normal file
View file

@ -0,0 +1,66 @@
apiVersion: batch/v1
kind: CronJob
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
ignore-check.kube-linter.io/latest-tag: using the stable tag on this busybox image is better than having an outdated image
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: thumbnails-cleanup
namespace: ocis
spec:
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
template:
metadata:
labels:
app: thumbnails-cleanup
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- command:
- /bin/sh
- /script/thumbnails-cleanup-script.sh
image: busybox:stable
imagePullPolicy: IfNotPresent
name: thumbnails-cleanup
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/lib/ocis
name: thumbnails-data
- mountPath: /script
name: script
nodeSelector: {}
restartPolicy: Never
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- name: thumbnails-data
persistentVolumeClaim:
claimName: thumbnails-data
- configMap:
defaultMode: 320
name: thumbnails-cleanup-script-configmap
name: script
ttlSecondsAfterFinished: 86400
schedule: 0 * * * *
startingDeadlineSeconds: 600
successfulJobsHistoryLimit: 3
suspend: true

120
rendered/envs/production/ocis/deployment-activitylog.yaml Normal file
View file

@ -0,0 +1,120 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: activitylog
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: activitylog
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: activitylog
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- activitylog
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_PERSISTENT_STORE
value: nats-js-kv
- name: OCIS_PERSISTENT_STORE_NODES
value: nats:9233
- name: ACTIVITYLOG_LOG_COLOR
value: "false"
- name: ACTIVITYLOG_LOG_LEVEL
value: info
- name: ACTIVITYLOG_LOG_PRETTY
value: "false"
- name: ACTIVITYLOG_TRACING_ENABLED
value: "false"
- name: ACTIVITYLOG_TRACING_TYPE
value: jaeger
- name: ACTIVITYLOG_TRACING_ENDPOINT
value: null
- name: ACTIVITYLOG_TRACING_COLLECTOR
value: null
- name: ACTIVITYLOG_DEBUG_PPROF
value: "false"
- name: ACTIVITYLOG_HTTP_ADDR
value: 0.0.0.0:9195
- name: ACTIVITYLOG_DEBUG_ADDR
value: 0.0.0.0:9197
- name: ACTIVITYLOG_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: ACTIVITYLOG_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: ACTIVITYLOG_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: activitylog
ports:
- containerPort: 9195
name: http
- containerPort: 9197
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

108
rendered/envs/production/ocis/deployment-appregistry.yaml Normal file
View file

@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: appregistry
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: appregistry
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 0dffa4f8f27458fef0dec7d83ed4cc950c3d3793ad1ac0a3a3139ee3a8715bf0
labels:
app: appregistry
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- app-registry
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: APP_REGISTRY_LOG_COLOR
value: "false"
- name: APP_REGISTRY_LOG_LEVEL
value: info
- name: APP_REGISTRY_LOG_PRETTY
value: "false"
- name: APP_REGISTRY_TRACING_ENABLED
value: "false"
- name: APP_REGISTRY_TRACING_TYPE
value: jaeger
- name: APP_REGISTRY_TRACING_ENDPOINT
value: null
- name: APP_REGISTRY_TRACING_COLLECTOR
value: null
- name: APP_REGISTRY_DEBUG_PPROF
value: "false"
- name: APP_REGISTRY_GRPC_ADDR
value: 0.0.0.0:9242
- name: APP_REGISTRY_DEBUG_ADDR
value: 0.0.0.0:9243
- name: APP_REGISTRY_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: appregistry
ports:
- containerPort: 9242
name: grpc
- containerPort: 9243
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis
name: configs
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- configMap:
name: appregistry-config
name: configs

89
rendered/envs/production/ocis/deployment-audit.yaml Normal file
View file

@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: audit
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: audit
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: audit
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- audit
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: AUDIT_LOG_COLOR
value: "false"
- name: AUDIT_LOG_LEVEL
value: info
- name: AUDIT_LOG_PRETTY
value: "false"
- name: AUDIT_DEBUG_PPROF
value: "false"
- name: AUDIT_DEBUG_ADDR
value: 0.0.0.0:9229
- name: AUDIT_LOG_TO_CONSOLE
value: "true"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: audit
ports:
- containerPort: 9229
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

106
rendered/envs/production/ocis/deployment-authmachine.yaml Normal file
View file

@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: authmachine
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: authmachine
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: authmachine
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- auth-machine
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: AUTH_MACHINE_LOG_COLOR
value: "false"
- name: AUTH_MACHINE_LOG_LEVEL
value: info
- name: AUTH_MACHINE_LOG_PRETTY
value: "false"
- name: AUTH_MACHINE_TRACING_ENABLED
value: "false"
- name: AUTH_MACHINE_TRACING_TYPE
value: jaeger
- name: AUTH_MACHINE_TRACING_ENDPOINT
value: null
- name: AUTH_MACHINE_TRACING_COLLECTOR
value: null
- name: AUTH_MACHINE_DEBUG_PPROF
value: "false"
- name: AUTH_MACHINE_GRPC_ADDR
value: 0.0.0.0:9166
- name: AUTH_MACHINE_DEBUG_ADDR
value: 0.0.0.0:9167
- name: AUTH_MACHINE_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: AUTH_MACHINE_API_KEY
valueFrom:
secretKeyRef:
key: machine-auth-api-key
name: machine-auth-api-key
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: authmachine
ports:
- containerPort: 9166
name: grpc
- containerPort: 9167
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume

111
rendered/envs/production/ocis/deployment-authservice.yaml Normal file
View file

@ -0,0 +1,111 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: authservice
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: authservice
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: authservice
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- auth-service
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: AUTH_SERVICE_LOG_COLOR
value: "false"
- name: AUTH_SERVICE_LOG_LEVEL
value: info
- name: AUTH_SERVICE_LOG_PRETTY
value: "false"
- name: AUTH_SERVICE_TRACING_ENABLED
value: "false"
- name: AUTH_SERVICE_TRACING_TYPE
value: jaeger
- name: AUTH_SERVICE_TRACING_ENDPOINT
value: null
- name: AUTH_SERVICE_TRACING_COLLECTOR
value: null
- name: AUTH_SERVICE_DEBUG_PPROF
value: "false"
- name: AUTH_SERVICE_GRPC_ADDR
value: 0.0.0.0:9616
- name: AUTH_SERVICE_DEBUG_ADDR
value: 0.0.0.0:9617
- name: AUTH_SERVICE_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: AUTH_SERVICE_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: AUTH_SERVICE_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: authservice
ports:
- containerPort: 9616
name: grpc
- containerPort: 9617
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume

110
rendered/envs/production/ocis/deployment-clientlog.yaml Normal file
View file

@ -0,0 +1,110 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: clientlog
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: clientlog
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: clientlog
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- clientlog
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: CLIENTLOG_LOG_COLOR
value: "false"
- name: CLIENTLOG_LOG_LEVEL
value: info
- name: CLIENTLOG_LOG_PRETTY
value: "false"
- name: CLIENTLOG_TRACING_ENABLED
value: "false"
- name: CLIENTLOG_TRACING_TYPE
value: jaeger
- name: CLIENTLOG_TRACING_ENDPOINT
value: null
- name: CLIENTLOG_TRACING_COLLECTOR
value: null
- name: CLIENTLOG_DEBUG_PPROF
value: "false"
- name: CLIENTLOG_DEBUG_ADDR
value: 0.0.0.0:9260
- name: CLIENTLOG_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: CLIENTLOG_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: CLIENTLOG_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: clientlog
ports:
- containerPort: 9260
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

95
rendered/envs/production/ocis/deployment-eventhistory.yaml Normal file
View file

@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: eventhistory
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: eventhistory
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: eventhistory
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- eventhistory
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_PERSISTENT_STORE
value: nats-js-kv
- name: OCIS_PERSISTENT_STORE_NODES
value: nats:9233
- name: EVENTHISTORY_LOG_COLOR
value: "false"
- name: EVENTHISTORY_LOG_LEVEL
value: info
- name: EVENTHISTORY_LOG_PRETTY
value: "false"
- name: EVENTHISTORY_DEBUG_PPROF
value: "false"
- name: EVENTHISTORY_GRPC_ADDR
value: 0.0.0.0:8080
- name: EVENTHISTORY_DEBUG_ADDR
value: 0.0.0.0:9270
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: eventhistory
ports:
- containerPort: 8080
name: grpc
- containerPort: 9270
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

176
rendered/envs/production/ocis/deployment-frontend.yaml Normal file
View file

@ -0,0 +1,176 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: frontend
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: frontend
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: a0c1b014e95dfcfe5b9f1eb6be20415d3deb0c51a2ee065b08bff8881c0f448d
labels:
app: frontend
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- frontend
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: FRONTEND_LOG_COLOR
value: "false"
- name: FRONTEND_LOG_LEVEL
value: info
- name: FRONTEND_LOG_PRETTY
value: "false"
- name: FRONTEND_TRACING_ENABLED
value: "false"
- name: FRONTEND_TRACING_TYPE
value: jaeger
- name: FRONTEND_TRACING_ENDPOINT
value: null
- name: FRONTEND_TRACING_COLLECTOR
value: null
- name: FRONTEND_DEBUG_PPROF
value: "false"
- name: FRONTEND_HTTP_ADDR
value: 0.0.0.0:9140
- name: FRONTEND_DEBUG_ADDR
value: 0.0.0.0:9141
- name: FRONTEND_PUBLIC_URL
value: https://drive.tr1ceracop.de
- name: OCIS_LDAP_SERVER_WRITE_ENABLED
value: "true"
- name: FRONTEND_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: FRONTEND_APP_HANDLER_INSECURE
value: "false"
- name: FRONTEND_ARCHIVER_INSECURE
value: "false"
- name: FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
value: "false"
- name: FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD
value: "false"
- name: FRONTEND_SEARCH_MIN_LENGTH
value: "3"
- name: FRONTEND_ARCHIVER_MAX_SIZE
value: "1073741824"
- name: FRONTEND_ARCHIVER_MAX_NUM_FILES
value: "10000"
- name: FRONTEND_FULL_TEXT_SEARCH_ENABLED
value: "false"
- name: OCIS_SHOW_USER_EMAIL_IN_RESULTS
value: "false"
- name: FRONTEND_OCS_STAT_CACHE_STORE
value: noop
- name: OCIS_EDITION
value: Community
- name: FRONTEND_MACHINE_AUTH_API_KEY
valueFrom:
secretKeyRef:
key: machine-auth-api-key
name: machine-auth-api-key
- name: FRONTEND_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: FRONTEND_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
- name: FRONTEND_AUTO_ACCEPT_SHARES
value: "true"
- name: FRONTEND_MAX_CONCURRENCY
value: "100"
- name: FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS
value: "0"
- name: FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
value: "0"
- name: FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
value: "0"
- name: FRONTEND_PASSWORD_POLICY_MIN_DIGITS
value: "0"
- name: FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
value: "0"
- name: FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
value: /etc/ocis/sharing-banned-passwords.txt
- name: OCIS_ENABLE_OCM
value: "false"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: frontend
ports:
- containerPort: 9140
name: http
- containerPort: 9141
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis
name: configs
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- configMap:
name: sharing-banned-passwords-frontend
name: configs

119
rendered/envs/production/ocis/deployment-gateway.yaml Normal file
View file

@ -0,0 +1,119 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: gateway
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: gateway
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: gateway
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- gateway
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: GATEWAY_LOG_COLOR
value: "false"
- name: GATEWAY_LOG_LEVEL
value: info
- name: GATEWAY_LOG_PRETTY
value: "false"
- name: GATEWAY_TRACING_ENABLED
value: "false"
- name: GATEWAY_TRACING_TYPE
value: jaeger
- name: GATEWAY_TRACING_ENDPOINT
value: null
- name: GATEWAY_TRACING_COLLECTOR
value: null
- name: GATEWAY_DEBUG_PPROF
value: "false"
- name: GATEWAY_GRPC_ADDR
value: 0.0.0.0:9142
- name: GATEWAY_DEBUG_ADDR
value: 0.0.0.0:9143
- name: GATEWAY_FRONTEND_PUBLIC_URL
value: https://drive.tr1ceracop.de
- name: GATEWAY_STAT_CACHE_STORE
value: noop
- name: GATEWAY_PROVIDER_CACHE_STORE
value: noop
- name: GATEWAY_CREATE_HOME_CACHE_STORE
value: memory
- name: GATEWAY_STORAGE_USERS_MOUNT_ID
valueFrom:
configMapKeyRef:
key: storage-uuid
name: storage-users
- name: GATEWAY_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: gateway
ports:
- containerPort: 9142
name: grpc
- containerPort: 9143
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume

152
rendered/envs/production/ocis/deployment-graph.yaml Normal file
View file

@ -0,0 +1,152 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: graph
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: graph
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: graph
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- graph
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: GRAPH_LOG_COLOR
value: "false"
- name: GRAPH_LOG_LEVEL
value: info
- name: GRAPH_LOG_PRETTY
value: "false"
- name: GRAPH_TRACING_ENABLED
value: "false"
- name: GRAPH_TRACING_TYPE
value: jaeger
- name: GRAPH_TRACING_ENDPOINT
value: null
- name: GRAPH_TRACING_COLLECTOR
value: null
- name: GRAPH_DEBUG_PPROF
value: "false"
- name: GRAPH_HTTP_ADDR
value: 0.0.0.0:9120
- name: GRAPH_DEBUG_ADDR
value: 0.0.0.0:9124
- name: GRAPH_SPACES_WEBDAV_BASE
value: https://drive.tr1ceracop.de
- name: GRAPH_IDENTITY_SEARCH_MIN_LENGTH
value: "3"
- name: GRAPH_LDAP_URI
value: ldaps://idm:9235
- name: GRAPH_LDAP_CACERT
value: /etc/ocis/ldap-ca/ldap-ca.crt
- name: GRAPH_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
key: graph-ldap-bind-password
name: ldap-bind-secrets
- name: OCIS_SHOW_USER_EMAIL_IN_RESULTS
value: "false"
- name: GRAPH_APPLICATION_ID
valueFrom:
configMapKeyRef:
key: application-id
name: graph
- name: GRAPH_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_DEFAULT_LANGUAGE
value: en
- name: GRAPH_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: GRAPH_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: OCIS_ENABLE_OCM
value: "false"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: graph
ports:
- containerPort: 9120
name: http
- containerPort: 9124
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
- mountPath: /etc/ocis/ldap-ca
name: ldap-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca
- name: ldap-ca
secret:
secretName: ldap-ca

118
rendered/envs/production/ocis/deployment-groups.yaml Normal file
View file

@ -0,0 +1,118 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: groups
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: groups
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: groups
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- groups
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: GROUPS_LOG_COLOR
value: "false"
- name: GROUPS_LOG_LEVEL
value: info
- name: GROUPS_LOG_PRETTY
value: "false"
- name: GROUPS_TRACING_ENABLED
value: "false"
- name: GROUPS_TRACING_TYPE
value: jaeger
- name: GROUPS_TRACING_ENDPOINT
value: null
- name: GROUPS_TRACING_COLLECTOR
value: null
- name: GROUPS_DEBUG_PPROF
value: "false"
- name: GROUPS_GRPC_ADDR
value: 0.0.0.0:9160
- name: GROUPS_DEBUG_ADDR
value: 0.0.0.0:9161
- name: GROUPS_LDAP_URI
value: ldaps://idm:9235
- name: GROUPS_LDAP_CACERT
value: /etc/ocis/ldap-ca/ldap-ca.crt
- name: GROUPS_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
key: reva-ldap-bind-password
name: ldap-bind-secrets
- name: GROUPS_IDP_URL
value: https://drive.tr1ceracop.de
- name: GROUPS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: groups
ports:
- containerPort: 9160
name: grpc
- containerPort: 9161
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis/ldap-ca
name: ldap-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: ldap-ca
secret:
secretName: ldap-ca

150
rendered/envs/production/ocis/deployment-idm.yaml Normal file
View file

@ -0,0 +1,150 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: idm
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: idm
strategy:
type: Recreate
template:
metadata:
labels:
app: idm
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- idm
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: IDM_LOG_COLOR
value: "false"
- name: IDM_LOG_LEVEL
value: info
- name: IDM_LOG_PRETTY
value: "false"
- name: IDM_TRACING_ENABLED
value: "false"
- name: IDM_TRACING_TYPE
value: jaeger
- name: IDM_TRACING_ENDPOINT
value: null
- name: IDM_TRACING_COLLECTOR
value: null
- name: IDM_DEBUG_PPROF
value: "false"
- name: IDM_LDAPS_ADDR
value: 0.0.0.0:9235
- name: IDM_DEBUG_ADDR
value: 0.0.0.0:9239
- name: IDM_CREATE_DEMO_USERS
value: "false"
- name: OCIS_OIDC_ISSUER
value: https://drive.tr1ceracop.de
- name: IDM_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: admin-user
- name: IDM_ADMIN_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: admin-user
- name: IDM_SVC_PASSWORD
valueFrom:
secretKeyRef:
key: graph-ldap-bind-password
name: ldap-bind-secrets
- name: IDM_REVASVC_PASSWORD
valueFrom:
secretKeyRef:
key: reva-ldap-bind-password
name: ldap-bind-secrets
- name: IDM_IDPSVC_PASSWORD
valueFrom:
secretKeyRef:
key: idp-ldap-bind-password
name: ldap-bind-secrets
- name: IDM_LDAPS_CERT
value: /etc/ocis/ldap-cert/ldap.crt
- name: IDM_LDAPS_KEY
value: /etc/ocis/ldap-cert/ldap.key
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: idm
ports:
- containerPort: 9235
name: ldaps
- containerPort: 9239
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/ldap-cert
name: ldap-cert
readOnly: true
- mountPath: /var/lib/ocis
name: idm-data
initContainers:
- command:
- mkdir
- -p
- /var/lib/ocis/idm
image: busybox:stable
imagePullPolicy: IfNotPresent
name: init-dir
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/lib/ocis
name: idm-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- name: ldap-cert
secret:
secretName: ldap-cert
- name: idm-data
persistentVolumeClaim:
claimName: idm-data

121
rendered/envs/production/ocis/deployment-idp.yaml Normal file
View file

@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
ignore-check.kube-linter.io/env-var-secret: IDP_ENCRYPTION_SECRET_FILE is no secret, it's the file path to the secret
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: idp
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: idp
strategy:
type: Recreate
template:
metadata:
labels:
app: idp
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- idp
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: IDP_LOG_COLOR
value: "false"
- name: IDP_LOG_LEVEL
value: info
- name: IDP_LOG_PRETTY
value: "false"
- name: IDP_TRACING_ENABLED
value: "false"
- name: IDP_TRACING_TYPE
value: jaeger
- name: IDP_TRACING_ENDPOINT
value: null
- name: IDP_TRACING_COLLECTOR
value: null
- name: IDP_DEBUG_PPROF
value: "false"
- name: IDP_HTTP_ADDR
value: 0.0.0.0:9130
- name: IDP_DEBUG_ADDR
value: 0.0.0.0:9134
- name: OCIS_URL
value: https://drive.tr1ceracop.de
- name: IDP_LDAP_URI
value: ldaps://idm:9235
- name: IDP_LDAP_TLS_CACERT
value: /etc/ocis/ldap-ca/ldap-ca.crt
- name: IDP_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
key: idp-ldap-bind-password
name: ldap-bind-secrets
- name: IDP_SIGNING_PRIVATE_KEY_FILES
value: /etc/ocis/idp/private-key.pem
- name: IDP_ENCRYPTION_SECRET_FILE
value: /etc/ocis/idp/encryption.key
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: idp
ports:
- containerPort: 9130
name: http
- containerPort: 9134
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/lib/ocis
name: ocis-data-tmp
- mountPath: /etc/ocis/ldap-ca
name: ldap-ca
readOnly: true
- mountPath: /etc/ocis/idp
name: idp-secrets
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: ocis-data-tmp
- name: ldap-ca
secret:
secretName: ldap-ca
- name: idp-secrets
secret:
secretName: idp-secrets

84
rendered/envs/production/ocis/deployment-nats.yaml Normal file
View file

@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: nats
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: nats
strategy:
type: Recreate
template:
metadata:
labels:
app: nats
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- nats
- server
command:
- ocis
env:
- name: NATS_LOG_COLOR
value: "false"
- name: NATS_LOG_LEVEL
value: info
- name: NATS_LOG_PRETTY
value: "false"
- name: NATS_DEBUG_PPROF
value: "false"
- name: NATS_NATS_HOST
value: 0.0.0.0
- name: NATS_NATS_PORT
value: "9233"
- name: NATS_DEBUG_ADDR
value: 0.0.0.0:9234
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: nats
ports:
- containerPort: 9233
name: nats
- containerPort: 9234
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/lib/ocis
name: nats-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- name: nats-data
persistentVolumeClaim:
claimName: nats-data

110
rendered/envs/production/ocis/deployment-ocdav.yaml Normal file
View file

@ -0,0 +1,110 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: ocdav
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: ocdav
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ocdav
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- ocdav
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCDAV_LOG_COLOR
value: "false"
- name: OCDAV_LOG_LEVEL
value: info
- name: OCDAV_LOG_PRETTY
value: "false"
- name: OCDAV_TRACING_ENABLED
value: "false"
- name: OCDAV_TRACING_TYPE
value: jaeger
- name: OCDAV_TRACING_ENDPOINT
value: null
- name: OCDAV_TRACING_COLLECTOR
value: null
- name: OCDAV_DEBUG_PPROF
value: "false"
- name: OCDAV_HTTP_ADDR
value: 0.0.0.0:8080
- name: OCDAV_DEBUG_ADDR
value: 0.0.0.0:9163
- name: OCDAV_PUBLIC_URL
value: https://drive.tr1ceracop.de
- name: OCIS_EDITION
value: Community
- name: OCDAV_INSECURE
value: "false"
- name: OCDAV_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCDAV_MACHINE_AUTH_API_KEY
valueFrom:
secretKeyRef:
key: machine-auth-api-key
name: machine-auth-api-key
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: ocdav
ports:
- containerPort: 8080
name: http
- containerPort: 9163
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes: null

107
rendered/envs/production/ocis/deployment-ocs.yaml Normal file
View file

@ -0,0 +1,107 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: ocs
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: ocs
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ocs
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- ocs
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: OCS_LOG_COLOR
value: "false"
- name: OCS_LOG_LEVEL
value: info
- name: OCS_LOG_PRETTY
value: "false"
- name: OCS_TRACING_ENABLED
value: "false"
- name: OCS_TRACING_TYPE
value: jaeger
- name: OCS_TRACING_ENDPOINT
value: null
- name: OCS_TRACING_COLLECTOR
value: null
- name: OCS_DEBUG_PPROF
value: "false"
- name: OCS_HTTP_ADDR
value: 0.0.0.0:9110
- name: OCS_DEBUG_ADDR
value: 0.0.0.0:9114
- name: OCS_IDM_ADDRESS
value: https://drive.tr1ceracop.de
- name: OCS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: ocs
ports:
- containerPort: 9110
name: http
- containerPort: 9114
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes: null

93
rendered/envs/production/ocis/deployment-postprocessing.yaml Normal file
View file

@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: postprocessing
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: postprocessing
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: postprocessing
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- postprocessing
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_PERSISTENT_STORE
value: nats-js-kv
- name: OCIS_PERSISTENT_STORE_NODES
value: nats:9233
- name: POSTPROCESSING_LOG_COLOR
value: "false"
- name: POSTPROCESSING_LOG_LEVEL
value: info
- name: POSTPROCESSING_LOG_PRETTY
value: "false"
- name: POSTPROCESSING_DEBUG_PPROF
value: "false"
- name: POSTPROCESSING_DEBUG_ADDR
value: 0.0.0.0:9255
- name: POSTPROCESSING_WORKERS
value: "3"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: postprocessing
ports:
- containerPort: 9255
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

137
rendered/envs/production/ocis/deployment-proxy.yaml Normal file
View file

@ -0,0 +1,137 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: proxy
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: proxy
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 941efbdfcec62bd56f340d707523e4dbbdaef0b8501880d4fa52a89ccc0e3233
labels:
app: proxy
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- proxy
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: PROXY_LOG_COLOR
value: "false"
- name: PROXY_LOG_LEVEL
value: info
- name: PROXY_LOG_PRETTY
value: "false"
- name: PROXY_TRACING_ENABLED
value: "false"
- name: PROXY_TRACING_TYPE
value: jaeger
- name: PROXY_TRACING_ENDPOINT
value: null
- name: PROXY_TRACING_COLLECTOR
value: null
- name: PROXY_DEBUG_PPROF
value: "false"
- name: PROXY_HTTP_ADDR
value: 0.0.0.0:9200
- name: PROXY_DEBUG_ADDR
value: 0.0.0.0:9205
- name: PROXY_OIDC_ISSUER
value: https://drive.tr1ceracop.de
- name: PROXY_TLS
value: "false"
- name: PROXY_OIDC_INSECURE
value: "false"
- name: PROXY_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: PROXY_MACHINE_AUTH_API_KEY
valueFrom:
secretKeyRef:
key: machine-auth-api-key
name: machine-auth-api-key
- name: PROXY_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: PROXY_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: PROXY_CSP_CONFIG_FILE_LOCATION
value: /etc/ocis/csp.yaml
- name: PROXY_AUTOPROVISION_ACCOUNTS
value: "false"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: proxy
ports:
- containerPort: 9200
name: http
- containerPort: 9205
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis
name: configs
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- configMap:
name: proxy-config
name: configs

122
rendered/envs/production/ocis/deployment-search.yaml Normal file
View file

@ -0,0 +1,122 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: search
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: search
strategy:
type: Recreate
template:
metadata:
labels:
app: search
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- search
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: SEARCH_LOG_COLOR
value: "false"
- name: SEARCH_LOG_LEVEL
value: info
- name: SEARCH_LOG_PRETTY
value: "false"
- name: SEARCH_TRACING_ENABLED
value: "false"
- name: SEARCH_TRACING_TYPE
value: jaeger
- name: SEARCH_TRACING_ENDPOINT
value: null
- name: SEARCH_TRACING_COLLECTOR
value: null
- name: SEARCH_DEBUG_PPROF
value: "false"
- name: SEARCH_GRPC_ADDR
value: 0.0.0.0:9220
- name: SEARCH_DEBUG_ADDR
value: 0.0.0.0:9224
- name: SEARCH_EXTRACTOR_TYPE
value: basic
- name: SEARCH_EXTRACTOR_CS3SOURCE_INSECURE
value: "false"
- name: SEARCH_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: SEARCH_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: SEARCH_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: OCIS_ASYNC_UPLOADS
value: "true"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: search
ports:
- containerPort: 9220
name: grpc
- containerPort: 9224
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
- mountPath: /var/lib/ocis
name: search-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca
- name: search-data
persistentVolumeClaim:
claimName: search-data

133
rendered/envs/production/ocis/deployment-settings.yaml Normal file
View file

@ -0,0 +1,133 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: settings
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: settings
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
labels:
app: settings
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- settings
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: OCIS_DEFAULT_LANGUAGE
value: en
- name: SETTINGS_LOG_COLOR
value: "false"
- name: SETTINGS_LOG_LEVEL
value: info
- name: SETTINGS_LOG_PRETTY
value: "false"
- name: SETTINGS_TRACING_ENABLED
value: "false"
- name: SETTINGS_TRACING_TYPE
value: jaeger
- name: SETTINGS_TRACING_ENDPOINT
value: null
- name: SETTINGS_TRACING_COLLECTOR
value: null
- name: SETTINGS_DEBUG_PPROF
value: "false"
- name: SETTINGS_HTTP_ADDR
value: 0.0.0.0:9190
- name: SETTINGS_GRPC_ADDR
value: 0.0.0.0:9191
- name: SETTINGS_DEBUG_ADDR
value: 0.0.0.0:9194
- name: SETTINGS_ADMIN_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: admin-user
- name: SETTINGS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: SETTINGS_SERVICE_ACCOUNT_IDS
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: OCIS_SYSTEM_USER_API_KEY
valueFrom:
secretKeyRef:
key: api-key
name: storage-system
- name: OCIS_SYSTEM_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: storage-system
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: settings
ports:
- containerPort: 9190
name: http
- containerPort: 9191
name: grpc
- containerPort: 9194
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes: null

155
rendered/envs/production/ocis/deployment-sharing.yaml Normal file
View file

@ -0,0 +1,155 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: sharing
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: sharing
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: sharing
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- sharing
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: SHARING_LOG_COLOR
value: "false"
- name: SHARING_LOG_LEVEL
value: info
- name: SHARING_LOG_PRETTY
value: "false"
- name: SHARING_TRACING_ENABLED
value: "false"
- name: SHARING_TRACING_TYPE
value: jaeger
- name: SHARING_TRACING_ENDPOINT
value: null
- name: SHARING_TRACING_COLLECTOR
value: null
- name: SHARING_DEBUG_PPROF
value: "false"
- name: SHARING_GRPC_ADDR
value: 0.0.0.0:9150
- name: SHARING_DEBUG_ADDR
value: 0.0.0.0:9151
- name: SHARING_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
value: "false"
- name: SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
value: "false"
- name: SHARING_PASSWORD_POLICY_MIN_CHARACTERS
value: "0"
- name: SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
value: "0"
- name: SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
value: "0"
- name: SHARING_PASSWORD_POLICY_MIN_DIGITS
value: "0"
- name: SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
value: "0"
- name: SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
value: /etc/ocis/sharing-banned-passwords.txt
- name: SHARING_USER_DRIVER
value: jsoncs3
- name: SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY
valueFrom:
secretKeyRef:
key: api-key
name: storage-system
- name: SHARING_USER_JSONCS3_SYSTEM_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: storage-system
- name: SHARING_PUBLIC_DRIVER
value: jsoncs3
- name: SHARING_PUBLIC_JSONCS3_SYSTEM_USER_API_KEY
valueFrom:
secretKeyRef:
key: api-key
name: storage-system
- name: SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: storage-system
- name: SHARING_USER_JSONCS3_MAX_CONCURRENCY
value: "20"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: sharing
ports:
- containerPort: 9150
name: grpc
- containerPort: 9151
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
- mountPath: /etc/ocis
name: configs
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- emptyDir: {}
name: messaging-system-ca
- configMap:
name: sharing-banned-passwords-sharing
name: configs

108
rendered/envs/production/ocis/deployment-sse.yaml Normal file
View file

@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: sse
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: sse
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: sse
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- sse
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: SSE_LOG_COLOR
value: "false"
- name: SSE_LOG_LEVEL
value: info
- name: SSE_LOG_PRETTY
value: "false"
- name: SSE_TRACING_ENABLED
value: "false"
- name: SSE_TRACING_TYPE
value: jaeger
- name: SSE_TRACING_ENDPOINT
value: null
- name: SSE_TRACING_COLLECTOR
value: null
- name: SSE_DEBUG_PPROF
value: "false"
- name: SSE_DEBUG_ADDR
value: 0.0.0.0:9135
- name: SSE_HTTP_ADDR
value: 0.0.0.0:9939
- name: SSE_KEEPALIVE_INTERVAL
value: 30s
- name: SSE_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: sse
ports:
- containerPort: 9939
name: http
- containerPort: 9135
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

105
rendered/envs/production/ocis/deployment-storagepubliclink.yaml Normal file
View file

@ -0,0 +1,105 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storagepubliclink
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: storagepubliclink
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: storagepubliclink
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-publiclink
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_PERSISTENT_STORE
value: nats-js-kv
- name: OCIS_PERSISTENT_STORE_NODES
value: nats:9233
- name: STORAGE_PUBLICLINK_LOG_COLOR
value: "false"
- name: STORAGE_PUBLICLINK_LOG_LEVEL
value: info
- name: STORAGE_PUBLICLINK_LOG_PRETTY
value: "false"
- name: STORAGE_PUBLICLINK_TRACING_ENABLED
value: "false"
- name: STORAGE_PUBLICLINK_TRACING_TYPE
value: jaeger
- name: STORAGE_PUBLICLINK_TRACING_ENDPOINT
value: null
- name: STORAGE_PUBLICLINK_TRACING_COLLECTOR
value: null
- name: STORAGE_PUBLICLINK_DEBUG_PPROF
value: "false"
- name: STORAGE_PUBLICLINK_GRPC_ADDR
value: 0.0.0.0:9178
- name: STORAGE_PUBLICLINK_DEBUG_ADDR
value: 0.0.0.0:9179
- name: STORAGE_PUBLICLINK_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: storagepubliclink
ports:
- containerPort: 9178
name: grpc
- containerPort: 9179
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume

101
rendered/envs/production/ocis/deployment-storageshares.yaml Normal file
View file

@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storageshares
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: storageshares
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: storageshares
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-shares
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: STORAGE_SHARES_LOG_COLOR
value: "false"
- name: STORAGE_SHARES_LOG_LEVEL
value: info
- name: STORAGE_SHARES_LOG_PRETTY
value: "false"
- name: STORAGE_SHARES_TRACING_ENABLED
value: "false"
- name: STORAGE_SHARES_TRACING_TYPE
value: jaeger
- name: STORAGE_SHARES_TRACING_ENDPOINT
value: null
- name: STORAGE_SHARES_TRACING_COLLECTOR
value: null
- name: STORAGE_SHARES_DEBUG_PPROF
value: "false"
- name: STORAGE_SHARES_GRPC_ADDR
value: 0.0.0.0:9154
- name: STORAGE_SHARES_DEBUG_ADDR
value: 0.0.0.0:9156
- name: STORAGE_SHARES_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: storageshares
ports:
- containerPort: 9154
name: grpc
- containerPort: 9156
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume

130
rendered/envs/production/ocis/deployment-storagesystem.yaml Normal file
View file

@ -0,0 +1,130 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storagesystem
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: storagesystem
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: storagesystem
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-system
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: STORAGE_SYSTEM_LOG_COLOR
value: "false"
- name: STORAGE_SYSTEM_LOG_LEVEL
value: info
- name: STORAGE_SYSTEM_LOG_PRETTY
value: "false"
- name: STORAGE_SYSTEM_TRACING_ENABLED
value: "false"
- name: STORAGE_SYSTEM_TRACING_TYPE
value: jaeger
- name: STORAGE_SYSTEM_TRACING_ENDPOINT
value: null
- name: STORAGE_SYSTEM_TRACING_COLLECTOR
value: null
- name: STORAGE_SYSTEM_DEBUG_PPROF
value: "false"
- name: STORAGE_SYSTEM_GRPC_ADDR
value: 0.0.0.0:9215
- name: STORAGE_SYSTEM_DEBUG_ADDR
value: 0.0.0.0:9217
- name: STORAGE_SYSTEM_HTTP_ADDR
value: 0.0.0.0:9216
- name: STORAGE_SYSTEM_DATA_SERVER_URL
value: http://storagesystem:9216/data
- name: STORAGE_SYSTEM_DRIVER
value: ocis
- name: STORAGE_SYSTEM_JWT_SECRET
valueFrom:
secretKeyRef:
key: storage-system-jwt-secret
name: storage-system-jwt-secret
- name: OCIS_SYSTEM_USER_API_KEY
valueFrom:
secretKeyRef:
key: api-key
name: storage-system
- name: OCIS_SYSTEM_USER_ID
valueFrom:
secretKeyRef:
key: user-id
name: storage-system
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: storagesystem
ports:
- containerPort: 9215
name: grpc
- containerPort: 9216
name: http
- containerPort: 9217
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /var/lib/ocis
name: storagesystem-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: storagesystem-data
persistentVolumeClaim:
claimName: storagesystem-data

195
rendered/envs/production/ocis/deployment-storageusers.yaml Normal file
View file

@ -0,0 +1,195 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storageusers
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: storageusers
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: storageusers
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- storage-users
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_CACHE_STORE
value: nats-js-kv
- name: OCIS_CACHE_STORE_NODES
value: nats:9233
- name: OCIS_CACHE_DISABLE_PERSISTENCE
value: "true"
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: STORAGE_USERS_GATEWAY_GRPC_ADDR
value: gateway:9142
- name: STORAGE_USERS_LOG_COLOR
value: "false"
- name: STORAGE_USERS_LOG_LEVEL
value: info
- name: STORAGE_USERS_LOG_PRETTY
value: "false"
- name: STORAGE_USERS_TRACING_ENABLED
value: "false"
- name: STORAGE_USERS_TRACING_TYPE
value: jaeger
- name: STORAGE_USERS_TRACING_ENDPOINT
value: null
- name: STORAGE_USERS_TRACING_COLLECTOR
value: null
- name: STORAGE_USERS_DEBUG_PPROF
value: "false"
- name: STORAGE_USERS_GRPC_ADDR
value: 0.0.0.0:9157
- name: STORAGE_USERS_DEBUG_ADDR
value: 0.0.0.0:9159
- name: STORAGE_USERS_HTTP_ADDR
value: 0.0.0.0:9158
- name: STORAGE_USERS_DATA_SERVER_URL
value: http://storageusers:9158/data
- name: STORAGE_USERS_DRIVER
value: s3ng
- name: STORAGE_USERS_S3NG_MAX_CONCURRENCY
value: "100"
- name: STORAGE_USERS_S3NG_ENDPOINT
value: https://nbg1.your-objectstorage.com
- name: STORAGE_USERS_S3NG_REGION
value: nbg1
- name: STORAGE_USERS_S3NG_ACCESS_KEY
valueFrom:
secretKeyRef:
key: accessKey
name: ocis-s3-credentials
- name: STORAGE_USERS_S3NG_SECRET_KEY
valueFrom:
secretKeyRef:
key: secretKey
name: ocis-s3-credentials
- name: STORAGE_USERS_S3NG_BUCKET
value: ocis-tr1ceracop
- name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_CONTENT_SHA256
value: "false"
- name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_MULTIPART
value: "false"
- name: STORAGE_USERS_S3NG_PUT_OBJECT_SEND_CONTENT_MD5
value: "true"
- name: STORAGE_USERS_S3NG_PUT_OBJECT_CONCURRENT_STREAM_PARTS
value: "true"
- name: STORAGE_USERS_S3NG_PUT_OBJECT_NUM_THREADS
value: "4"
- name: STORAGE_USERS_S3NG_PUT_OBJECT_PART_SIZE
value: "0"
- name: STORAGE_USERS_UPLOAD_EXPIRATION
value: "86400"
- name: STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE
value: 720h
- name: STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE
value: 720h
- name: STORAGE_USERS_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: STORAGE_USERS_STAT_CACHE_STORE
value: noop
- name: STORAGE_USERS_MOUNT_ID
valueFrom:
configMapKeyRef:
key: storage-uuid
name: storage-users
- name: STORAGE_USERS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: OCIS_TRANSFER_SECRET
valueFrom:
secretKeyRef:
key: transfer-secret
name: transfer-secret
- name: OCIS_ASYNC_UPLOADS
value: "true"
- name: STORAGE_USERS_EVENTS_NUM_CONSUMERS
value: "10"
- name: STORAGE_USERS_DATA_GATEWAY_URL
value: http://frontend:9140/data/
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: storageusers
ports:
- containerPort: 9157
name: grpc
- containerPort: 9158
name: http
- containerPort: 9159
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
- mountPath: /var/lib/ocis
name: storageusers-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- emptyDir: {}
name: messaging-system-ca
- name: storageusers-data
persistentVolumeClaim:
claimName: storageusers-data

122
rendered/envs/production/ocis/deployment-thumbnails.yaml Normal file
View file

@ -0,0 +1,122 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: thumbnails
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: thumbnails
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: thumbnails
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- thumbnails
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: THUMBNAILS_LOG_COLOR
value: "false"
- name: THUMBNAILS_LOG_LEVEL
value: info
- name: THUMBNAILS_LOG_PRETTY
value: "false"
- name: THUMBNAILS_TRACING_ENABLED
value: "false"
- name: THUMBNAILS_TRACING_TYPE
value: jaeger
- name: THUMBNAILS_TRACING_ENDPOINT
value: null
- name: THUMBNAILS_TRACING_COLLECTOR
value: null
- name: THUMBNAILS_DEBUG_PPROF
value: "false"
- name: THUMBNAILS_GRPC_ADDR
value: 0.0.0.0:9185
- name: THUMBNAILS_HTTP_ADDR
value: 0.0.0.0:9186
- name: THUMBNAILS_DEBUG_ADDR
value: 0.0.0.0:9189
- name: THUMBNAILS_DATA_ENDPOINT
value: http://thumbnails:9186/thumbnails/data
- name: THUMBNAILS_MAX_CONCURRENT_REQUESTS
value: "0"
- name: THUMBNAILS_MAX_INPUT_IMAGE_FILE_SIZE
value: 50MB
- name: THUMBNAILS_MAX_INPUT_WIDTH
value: "7680"
- name: THUMBNAILS_MAX_INPUT_HEIGHT
value: "7680"
- name: THUMBNAILS_WEBDAVSOURCE_INSECURE
value: "false"
- name: THUMBNAILS_CS3SOURCE_INSECURE
value: "false"
- name: THUMBNAILS_TRANSFER_TOKEN
valueFrom:
secretKeyRef:
key: thumbnails-transfer-secret
name: thumbnails-transfer-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: thumbnails
ports:
- containerPort: 9185
name: grpc
- containerPort: 9186
name: http
- containerPort: 9189
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/lib/ocis
name: thumbnails-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- name: thumbnails-data
persistentVolumeClaim:
claimName: thumbnails-data

116
rendered/envs/production/ocis/deployment-userlog.yaml Normal file
View file

@ -0,0 +1,116 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: userlog
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: userlog
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: userlog
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- userlog
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: OCIS_EVENTS_ENDPOINT
value: nats:9233
- name: OCIS_PERSISTENT_STORE
value: nats-js-kv
- name: OCIS_PERSISTENT_STORE_NODES
value: nats:9233
- name: OCIS_DEFAULT_LANGUAGE
value: en
- name: USERLOG_LOG_COLOR
value: "false"
- name: USERLOG_LOG_LEVEL
value: info
- name: USERLOG_LOG_PRETTY
value: "false"
- name: USERLOG_DEBUG_PPROF
value: "false"
- name: USERLOG_HTTP_ADDR
value: 0.0.0.0:8080
- name: USERLOG_DEBUG_ADDR
value: 0.0.0.0:9210
- name: USERLOG_SERVICE_ACCOUNT_ID
valueFrom:
configMapKeyRef:
key: service-account-id
name: auth-service
- name: USERLOG_SERVICE_ACCOUNT_SECRET
valueFrom:
secretKeyRef:
key: service-account-secret
name: service-account-secret
- name: USERLOG_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
- name: USERLOG_MAX_CONCURRENCY
value: "1"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: userlog
ports:
- containerPort: 8080
name: http
- containerPort: 9210
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis/messaging-system-ca
name: messaging-system-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: messaging-system-ca

118
rendered/envs/production/ocis/deployment-users.yaml Normal file
View file

@ -0,0 +1,118 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: users
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: users
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: users
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- users
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: USERS_LOG_COLOR
value: "false"
- name: USERS_LOG_LEVEL
value: info
- name: USERS_LOG_PRETTY
value: "false"
- name: USERS_TRACING_ENABLED
value: "false"
- name: USERS_TRACING_TYPE
value: jaeger
- name: USERS_TRACING_ENDPOINT
value: null
- name: USERS_TRACING_COLLECTOR
value: null
- name: USERS_DEBUG_PPROF
value: "false"
- name: USERS_GRPC_ADDR
value: 0.0.0.0:9144
- name: USERS_DEBUG_ADDR
value: 0.0.0.0:9145
- name: USERS_LDAP_URI
value: ldaps://idm:9235
- name: USERS_LDAP_CACERT
value: /etc/ocis/ldap-ca/ldap-ca.crt
- name: USERS_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
key: reva-ldap-bind-password
name: ldap-bind-secrets
- name: USERS_IDP_URL
value: https://drive.tr1ceracop.de
- name: USERS_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: users
ports:
- containerPort: 9144
name: grpc
- containerPort: 9145
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/ocis/ldap-ca
name: ldap-ca
readOnly: true
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- emptyDir: {}
name: tmp-volume
- name: ldap-ca
secret:
secretName: ldap-ca

133
rendered/envs/production/ocis/deployment-web.yaml Normal file
View file

@ -0,0 +1,133 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: web
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: web
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/config: cec3e646a6e624081e4fe2c886cae482477f21ba2edc86cee2e89c17d92f2034
labels:
app: web
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- web
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: WEB_LOG_COLOR
value: "false"
- name: WEB_LOG_LEVEL
value: info
- name: WEB_LOG_PRETTY
value: "false"
- name: WEB_TRACING_ENABLED
value: "false"
- name: WEB_TRACING_TYPE
value: jaeger
- name: WEB_TRACING_ENDPOINT
value: null
- name: WEB_TRACING_COLLECTOR
value: null
- name: WEB_DEBUG_PPROF
value: "false"
- name: WEB_HTTP_ADDR
value: 0.0.0.0:9100
- name: WEB_DEBUG_ADDR
value: 0.0.0.0:9104
- name: WEB_OIDC_AUTHORITY
value: https://drive.tr1ceracop.de
- name: WEB_OIDC_CLIENT_ID
value: web
- name: WEB_OIDC_SCOPE
value: openid profile email
- name: WEB_UI_THEME_SERVER
value: https://drive.tr1ceracop.de
- name: WEB_UI_THEME_PATH
value: /themes/owncloud/theme.json
- name: WEB_UI_CONFIG_SERVER
value: https://drive.tr1ceracop.de
- name: WEB_OPTION_CONTEXTHELPERS_READ_MORE
value: "true"
- name: WEB_OPTION_DISABLE_FEEDBACK_LINK
value: "true"
- name: WEB_OPTION_TOKEN_STORAGE_LOCAL
value: "true"
- name: WEB_JWT_SECRET
valueFrom:
secretKeyRef:
key: jwt-secret
name: jwt-secret
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: web
ports:
- containerPort: 9100
name: http
- containerPort: 9104
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /etc/ocis
name: configs
- mountPath: /var/lib/ocis/web/assets/apps
name: apps
- mountPath: /var/lib/ocis
name: web-data
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes:
- configMap:
name: web-config
name: configs
- emptyDir: {}
name: apps
- name: web-data
persistentVolumeClaim:
claimName: web-data

96
rendered/envs/production/ocis/deployment-webdav.yaml Normal file
View file

@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: webdav
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: webdav
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: webdav
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- webdav
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: WEBDAV_LOG_COLOR
value: "false"
- name: WEBDAV_LOG_LEVEL
value: info
- name: WEBDAV_LOG_PRETTY
value: "false"
- name: WEBDAV_TRACING_ENABLED
value: "false"
- name: WEBDAV_TRACING_TYPE
value: jaeger
- name: WEBDAV_TRACING_ENDPOINT
value: null
- name: WEBDAV_TRACING_COLLECTOR
value: null
- name: WEBDAV_DEBUG_PPROF
value: "false"
- name: WEBDAV_HTTP_ADDR
value: 0.0.0.0:9115
- name: WEBDAV_DEBUG_ADDR
value: 0.0.0.0:9119
- name: OCIS_PUBLIC_URL
value: https://drive.tr1ceracop.de
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: webdav
ports:
- containerPort: 9115
name: http
- containerPort: 9119
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes: null

100
rendered/envs/production/ocis/deployment-webfinger.yaml Normal file
View file

@ -0,0 +1,100 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: webfinger
namespace: ocis
spec:
replicas: 1
selector:
matchLabels:
app: webfinger
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: webfinger
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
spec:
containers:
- args:
- webfinger
- server
command:
- ocis
env:
- name: MICRO_REGISTRY
value: nats-js-kv
- name: MICRO_REGISTRY_ADDRESS
value: nats:9233
- name: OCIS_CORS_ALLOW_ORIGINS
value: https://drive.tr1ceracop.de
- name: WEBFINGER_LOG_COLOR
value: "false"
- name: WEBFINGER_LOG_LEVEL
value: info
- name: WEBFINGER_LOG_PRETTY
value: "false"
- name: WEBFINGER_TRACING_ENABLED
value: "false"
- name: WEBFINGER_TRACING_TYPE
value: jaeger
- name: WEBFINGER_TRACING_ENDPOINT
value: null
- name: WEBFINGER_TRACING_COLLECTOR
value: null
- name: WEBFINGER_DEBUG_PPROF
value: "false"
- name: WEBFINGER_HTTP_ADDR
value: 0.0.0.0:8080
- name: WEBFINGER_DEBUG_ADDR
value: 0.0.0.0:8081
- name: WEBFINGER_OIDC_ISSUER
value: https://drive.tr1ceracop.de
- name: WEBFINGER_OWNCLOUD_SERVER_INSTANCE_URL
value: https://drive.tr1ceracop.de
- name: WEBFINGER_INSECURE
value: "false"
image: owncloud/ocis:7.1.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics-debug
initialDelaySeconds: 60
periodSeconds: 20
timeoutSeconds: 10
name: webfinger
ports:
- containerPort: 8080
name: http
- containerPort: 8081
name: metrics-debug
resources: {}
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
nodeSelector: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volumes: null

23
rendered/envs/production/nextcloud/ingress-nextcloud.yaml → rendered/envs/production/ocis/ingress-proxy.yaml
View file

@ -5,28 +5,27 @@ metadata:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
cert-manager.io/cluster-issuer: letsencrypt
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud
namespace: nextcloud
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: proxy
namespace: ocis
spec:
ingressClassName: traefik
rules:
- host: nextcloud.tr1ceracop.de
- host: drive.tr1ceracop.de
http:
paths:
- backend:
service:
name: nextcloud
name: proxy
port:
number: 8080
number: 9200
path: /
pathType: Prefix
tls:
- hosts:
- nextcloud.tr1ceracop.de
secretName: nextcloud-tls
- drive.tr1ceracop.de
secretName: ocis-tls

40
rendered/envs/production/ocis/job-ocis-secret-init.yaml Normal file
View file

@ -0,0 +1,40 @@
apiVersion: batch/v1
kind: Job
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
argocd.argoproj.io/sync-options: Replace=true
name: ocis-secret-init
namespace: ocis
spec:
template:
spec:
containers:
- command:
- sh
- -c
- |
set -e
SECRET_NAME="ocis-s3-credentials"
if ! kubectl get secret "${SECRET_NAME}" -n ${NAMESPACE} >/dev/null 2>&1; then
echo "ERROR: Secret ${SECRET_NAME} does not exist in namespace ${NAMESPACE}."
echo "Please create it manually with keys 'accessKey' and 'secretKey':"
echo " kubectl create secret generic ${SECRET_NAME} -n ${NAMESPACE} \\"
echo " --from-literal=accessKey=<your-access-key> \\"
echo " --from-literal=secretKey=<your-secret-key>"
exit 1
else
echo "Secret ${SECRET_NAME} exists, OK"
fi
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: alpine/k8s:1.32.3
name: init
restartPolicy: OnFailure
serviceAccountName: ocis-secret-init
ttlSecondsAfterFinished: 300

4
rendered/envs/production/nextcloud/namespace-nextcloud.yaml → rendered/envs/production/ocis/namespace-ocis.yaml
View file

@ -5,5 +5,5 @@ metadata:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
pod-security.kubernetes.io/enforce: privileged
name: nextcloud
namespace: nextcloud
name: ocis
namespace: ocis

22
rendered/envs/production/ocis/persistentvolumeclaim-idm-data.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: idm-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: local-path

22
rendered/envs/production/ocis/persistentvolumeclaim-nats-data.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: nats-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: local-path

22
rendered/envs/production/ocis/persistentvolumeclaim-search-data.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: search-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: local-path

22
rendered/envs/production/ocis/persistentvolumeclaim-storagesystem-data.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storagesystem-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: local-path

22
rendered/envs/production/ocis/persistentvolumeclaim-storageusers-data.yaml Normal file
View file

@ -0,0 +1,22 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
finalizers:
- kubernetes.io/pvc-protection
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: storageusers-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: local-path

14
rendered/envs/production/nextcloud/persistentvolumeclaim-nextcloud-nextcloud.yaml → rendered/envs/production/ocis/persistentvolumeclaim-thumbnails-data.yaml
View file

@ -3,16 +3,14 @@ kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud-nextcloud
namespace: nextcloud
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: thumbnails-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce

20
rendered/envs/production/ocis/persistentvolumeclaim-web-data.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
name: web-data
namespace: ocis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: local-path

4
rendered/envs/production/nextcloud/role-nextcloud-secret-init.yaml → rendered/envs/production/ocis/role-ocis-secret-init.yaml
View file

@ -3,8 +3,8 @@ kind: Role
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
name: nextcloud-secret-init
namespace: nextcloud
name: ocis-secret-init
namespace: ocis
rules:
- apiGroups:
- ""

10
rendered/envs/production/nextcloud/rolebinding-nextcloud-secret-init.yaml → rendered/envs/production/ocis/rolebinding-ocis-secret-init.yaml
View file

@ -3,13 +3,13 @@ kind: RoleBinding
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
name: nextcloud-secret-init
namespace: nextcloud
name: ocis-secret-init
namespace: ocis
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nextcloud-secret-init
name: ocis-secret-init
subjects:
- kind: ServiceAccount
name: nextcloud-secret-init
namespace: nextcloud
name: ocis-secret-init
namespace: ocis

11
rendered/envs/production/ocis/secret-admin-user.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v1
data:
password: YlpRdWlYYVdXZXhJRzI3cE5BMzR6RWVMajFLVzBr
user-id: NzE4ZTlmOTEtNmU3ZS00ZDMwLWE0MjktODcxMmQ4NDU1ODZl
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: admin-user
namespace: ocis

10
rendered/envs/production/ocis/secret-collaboration-wopi-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
wopi-secret: T1FDSW0wNmZ3bWJldFpta0JwU29td2FRU3lkMk4x
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: collaboration-wopi-secret
namespace: ocis

11
rendered/envs/production/ocis/secret-idp-secrets.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v1
data:
encryption.key: LktHOEQ0U1JpTmEofERhYi9EMjBKbWEzYDRmJkVaJlg=
private-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBdm5BTUxGMW1JUzd3M0pETEhPeCtMUjY5U2hCSUxReXorQXFkN0d1TUNlcytzKzFlCkVORHVQRW85VE5iZVJHdzBtbjVWMU9iY2lPSG1CaFlSMjh6UHl4RFhmZUhuWVFpczl0cFFUQ3hhNmJPTDcwOFIKd2JDdkM3eW53QURQU05kRUFUbFNDR3NBbTZJaHpOZUhOc3ZUVlZCVU03NDhWd3lmT1F2MU1lQnN2MDlDOWxIVAovb2xpU1RQbkhIeEZXUFVZOHJ0QTEvRzM2cnJCaGtLYkhKWnd2S242Vi9jdXNnbDVZMHQzNmdCMEYyMlkrd0ppCjU3ejZEdGQ1SWo0VEtSNWVEN1dGM0ZsamYrWElGQVNPVFRJUEtUcWRQZTQ5TFcvaWxwMVlnZXdQTnBiSWwrTy8KZ3pwQ0o1ZUlzMlhIYmVnRFRVRTZTU1FrenVWUUlCY2luY2dicTA1MzJnVmpkRklVdEptaTg4elg0US9sNkZuZQptZDVGV2diY29KYjg0YXk3VmZ2NjNLMHpqcXlxK2taU0Roay91eW1wM3NxY3ZqU1BkOW01Vk1VYnFSUUw5cUpyCnczUVBhRlNKdlFvMjQyTG5WZE1TakRJVEgwZUtJdExLNkwxQW9KVW8zRFlpb3U4V0ExOUZGS2NHVE5MeHhONzEKRGk5dmQ0Q1BYR2pvRjQyTFFHVFVFY2hDRDRBZzRaZHVqZUVmb0ZTWEhXQmtHM0M4SjJJODFqeDdSTXdNMVFXdAphWjVRMmVTb2xyWHVJTFpnQTc4SWZmc2NYRGZQK0NOQ1l3RTI2dWUxVnFDd2FnMUxEV0UyWFY0ZFdQWUpuQnR6CndwN0p2aGR2MHpBeUprVGhLYVloUlgvVFljTDF0djV3VnZvSnZtTDV6UXBNeTBsWnZscFFtSDlEaHNNQ0F3RUEKQVFLQ0FnQmJJUUVpUmJ0Mmk2RGsyMERtNFdCcnRQYjl0eGJpdjk1ckJxR1ZuYzFRZmNydWpOcmpqeWRCb0lELwpBUjh4Zk5vYlIvTkl3d1NyVi9ZYjJYbklSWlQxNW1SSUw4N3FCeDNGcnFpWUd1MlNRY0huelYyQTQweVFnRUdCCnhxRnFpT0JZK1pZQXd6dHlQajZRYUY2aTRSeUxDYnFSWENwQnVaK0R5KzRVWlFHRTlxZmplVHJKNWZJcmQzUFQKbE1BV2xvck90TDZOMTNTY0Zhdy8xQ1dubzNIbFJpMnU1SERxNzArd0xVLy9vU0hzaUJ5Wm1RVzlRUmdqL0FaUwpWWVFUdkIxa3hRZCtieVFHOHUwd2J4R3RiUlFHTmE5REVIc2tBQk5jNFlTVi8yRTBUU2xHVGN5NlBpbWtDb1oyCjJuQjVibm9PQVBXa1JIQjh0UTBIbmlxSmVGV01hN2UzRW1BZ2UzYzM0Y0VXSVZkKzcxcUNoQlFGVG0ySWlTVE8KU3NKUXZKVHM3QTJ6SnZTRmJDSWpKTUZ3VzZaWGVBR3ZlSHp2d3NEdnNmTjRiS3BFVVpjVkorUTFDWlRKKzRQYwo0RU15ZnJBN2ozcXpld0liRFFuNWlKMFFEd2d0SHNQVURaenNncWIvcUQyWiswNEdDY2xGWXY3cDBiWnZQU2FjCmxXaGdzeUcrZWl5Y1BPaHVSdjV2N3VSYWlJZjVQUUxkNVBONWczdkhGeThRdjlYSXBlSUp1V1F4VXAyVlJCVEMKOEpOK1Ria2FsdXhKYlRnSzRTRzhGV1JnTVBYTlRheWRiOXlhUTZERkR2NkFFTTBUYmtvNUlVZ1R0MWtNdDFNagpOK1JJOXdjWW9aRWVJNUdhRDlwWlNLOUE2eDRDNGhuUUJRYUpjSW55WUxGcUJlYjE0UUtDQVFFQTVNZ2ppRFZpClQxczJFVlJLOFBEV2xZRE5MZEV6Q01lRzJ3d3dkVXoxekpTL05haWhyZXVLd21jNS9kdGpVWmQ0NXh4MHNHRlAKOURNTTJNdjNFT3RHWEVLcWwxRGo1ekxwYmFLTTdGZGdSYk0rUjJaVjU5OVczbytxZC9raTJRazRVVVJ6MFJBeAp6S0o5NGt3WjQwdTZZb0dHUHBtMjNuVTZtNzM4dWFXN29GNXVXL3RXRDN1QnRoM2YwRFQ1MDNPNEhEWFlpbncvCnd1RE1HUmpDTlhVYlJXRzk4cnhwU29IQUpnTjRCbituSTlHaUNmNWwwUUFGMHMxSXlyZWpQOGJwYWlJcUZUTGUKUEtyMEFUM3JTSXk5dGhtOEVxOWUwcEllWDRkR2FVbnA4TW44M3ozYkZUZmJ6U1RKbi9VdHNUNkdIc3Q1YnRlSAptZmplb0gvQ282Z0tjUUtDQVFFQTFSZ1dOU2Y1UjdJK0lHYVAwK1hNUXNzSHpmeFVhQWo2M01DeU9RdDFFRnNsCmZSb21JSkNHTVBub0EyWlhGWHBHa1RPaVF6VUZTMFR0NmlhczZJeU40cExSdUpEY3BWd2kwaDhQZncyV0RaMUgKUnV2M0tOZnNrQlpQT1lpelVlSnQzWkhDUkJHMjVCTFdGbldlWUY1Z1VlWHJ6V2Z1RU1vcWxGVDBsZmgxWWZuVQpVQTFDUkxOTHV3anpRT2lTeCtvY2NHanpkOTFuMnNhSEw4a05tSVo0K0p3d0RKMmloUXAwYWZoTSs2dWtLayt2Cjd0dm52dDZWWXhaUXNkMnlYWlJjbUF4V0tnWVlpeE9JNUVGdU9wVTdwRU5lLzF5V3pndzJaNGRLbTRBWDNKM0UKOGp4bks0em9CdCthYXBVYlJnc2d3WWJCWkpEREF0RkhlUEFhSFVNMmN3S0NBUUF0cjJXaENvQUNOc1dhT2tubwp5VDhnaGFMelZrWXBwNlpmVVpUUHA3bWh5OFpQRWNpUGNXeTVHMkh5Tm9BangrcWx4QUh0UXRGemcwbzZkS2gyCm9YVGdjWk9kT2RMNDFTclY4TkxSVXpWdlZiYkhEVUYwVng0Q3ZZK2QrNHNnNmYxc0JRNVhuak5EbU9Nb2NHZnYKQXExS2hIRHBTVXJDSzRpemx3SERsTHZkNzExOFVybEJ5RGtEdy8xd2wxT1lEUkNqMllEUFRyWncxUEVNeGV2cQpQdU5lUElGdzJuendHdTdpNkdoc2E4dFZsTVFWMk00K0tSSUFvV3U2eDJiN0VsNkVDaVI3TFRoQnh5V0lwZk80Ci9obllKbFZ2S2NQMnFxVVVFSEJZRUNGK0t1ZXJNSy95RWNCN3U2L2ptRk15aExqRnAzNHRTeTdSNldlVGgwKzMKM0pPUkFvSUJBUUNFYitybGNJbWFTS29hQXdRaXd2QlhGczRyOUVZVlBuZURHWFBxeGpja1NqR2JkZFA2YXpncgpXalliWHRDQ3RiTUQ3VjVNZkxoa2xsdHpLa1JPWjRTTEs0cVNOZDRjRzQ0OG56ZEhWSTlNdU5JaXZ1YW1pTVFxCnJPTGlOQmFXcnE1dmhYYUNUYXdvUlppdTdyelcwZkQxRlh1ZTlwZmI4WG5USkpXNlcyZkEwNzlqWFVveFhtbVQKdmJWSlF3SnVvdzYzd2xLR3phRU5ORk95bkRjSjg1RmRtZHkzQ29XR1FBQW9HRHpvTVQzZldoVlMwM05OaWhLNApPWmMvWkRURnVqNXQ5VVRiNjF2M205VjVYeno5eGVBQ2NDaXJkc1QzSEZuM3IvcnJlQW5jZ0dWMTA1cWZVM3lsClFQVThocDBqeENqQWZsclZnSzdpb21UVVFnMUk0SXdIQW9JQkFGd3JGVFRtbk14dCt4RitHUmRVbTMwVXBYMGsKVVlpOENLV0llZ3ErR1ViOW1hU0o4LytEYmJRRDZwdks3Zmw2S0swOXR0WjNabGN0M050dnd1cnR2TWw5eDRtRgo3Q2RFRkp3RWhoSmdyTVdhMUJzc25LYndibGVNRUR2T0xOc2piS1V4UlRNaWFEdHA5RXBKNkV6dmxFZU1YOEZyCno0aXRwTXpoZW5uWlNwWU9FS0JsVVJhSGFERVdZTDdGblhIc1BNakZNaGRHdmJROUFLTUk5N1RtazNvNG9Ld1gKQmluNm1FQStaM3NFd1ljYk1tNHFDbTZ2NUMrVW90WWN0SjFOMGFldXRMWkhDZnlia0RBWkVTaTlITkNua2h5UQp2M3RqY3NVQmVRWk0rUFRMK3dJVGd4TEF6Q0lMT0d6Y1YzZFRXK3d6SzE4aUhaTXNxeHROOWF4ajBvND0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: idp-secrets
namespace: ocis

10
rendered/envs/production/ocis/secret-jwt-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
jwt-secret: eWU2dHdSTjlYM3R0SkZhT0lFdnFpWHJzclRaMDND
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: jwt-secret
namespace: ocis

12
rendered/envs/production/ocis/secret-ldap-bind-secrets.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: v1
data:
graph-ldap-bind-password: b09yM2dZZDE0VFlEUWlBOEJZWDlGY2FlZFBXUWhG
idp-ldap-bind-password: a3lYWWtER3FlSlhLcXpQb25uYTRySDU3SGh0WHFO
reva-ldap-bind-password: SGoybVlLSFZVaDRKZkhxMkxlcmJJam9pOWVUT0p4
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: ldap-bind-secrets
namespace: ocis

10
rendered/envs/production/ocis/secret-ldap-ca.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
ldap-ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lRWTZUaXZOUjZhQ3JmV1l5OWtVTjVCakFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkc1pHRndMV05oTUI0WERUSTJNRFF3TkRFNE1UWXhOMW9YRFRJM01EUXdOREU0TVRZeApOMW93RWpFUU1BNEdBMVVFQXhNSGJHUmhjQzFqWVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUxPNC95N3NyRGFYVUg2ZjJRN2I3UmZKd2Rvb2JuL1dDMGhqaEFLOVpacXdFUjB6ZUtvTWY3NHMKendMc3BhSm1sYjZCV3ZzWDh2Z3BJOXhJcUoxcVdBWVNlRCtKa0xVT3B0UER0R0R5U3RTVWlDb2xuUWZPZGxzQQp4K2FhOGNqU3A4OHQ2RmFOR3ZxNGxIMXljdnRSektRaTJHNkQrOUpFcDdDOVFPOWg4bFJaSkFMODJ1bHR6T3B5ClVWTUR4OWxQR2NmWEFhZklUTUxPQ1o1c0xVWmNMeU9aRlVWbnROS3NBT0Fqc1greWltUnc1NVZSMEczSWcrMFIKMWpaSVZmVFA2OTZqcWFPN3BuU1pNdlBSUkk1OFB0S0x1bU9oT0RxZHhsUEtEWU5LYUZ3TmlwNmJZUGd5Y2x3Tgo5dzlodkdUZ2t3dzZPSFdRenp3akw0Y0tWOCt6RnhjQ0F3RUFBYU5oTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trCk1CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFQQmdOVkhSTUJBZjhFQlRBREFRSC8KTUIwR0ExVWREZ1FXQkJTZlR0cEp2R1V4UjZhbXdxZllkem1EU0U0bnRUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBYkdvZVJaTk9IWDlZWWpWZ3JaZjRDZ0txMlhkb0VkcEVETEdyNGwyZ1c3Z0xHdjd1ZmFpa0ltODhLRHNjClFrbjlLdmhwYU1EdHloajN3NnZNdHQ4T3R2MjRIc2dibFo1SUtFREN1aU50ajVvUXhoWHY5WEMwM3AxUkFwU0oKY3BRbElnNEtWbE5TWUVHcmYwUTI1aVNYL1NjbnJXWHJUK1luR2pOM0xXdEo3UElNb214b3lWMnpjdFdTVVp4NQpsOXpsYnMwRTNZV0RCWFdXRXkrOThPTitWeFlQSTZSQS9HbHIyUnJTY2M2RHdZMWhPMFpoY0Jnd0lwcXEzbmlhCjVBbWdCY3JNcTB5R0NISVR1UUpUc0pzU3RhWGN3ZURYWTNUa2ZucW5FN0p5TCtONVFlc0gwakdIeEZ0aTFTRlUKdWRsNmFYbFFDVVo0T0ZYeE1VSkp3cGNTRlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: ldap-ca
namespace: ocis

11
rendered/envs/production/ocis/secret-ldap-cert.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v1
data:
ldap.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHakNDQWdLZ0F3SUJBZ0lRVnJvZnVmVWRSR0JBeXVacEQrMTRsREFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkc1pHRndMV05oTUI0WERUSTJNRFF3TkRFNE1UWXhOMW9YRFRJM01EUXdOREU0TVRZeApOMW93RGpFTU1Bb0dBMVVFQXhNRGFXUnRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUExOUdMWjBEQW5UMGF5OGpCM0tCS1ZzVDVnVVhGNFpvNGZ5aXZmODJqTlVMQXhWa0I5OWFQMWJiby8wNXMKVjk4Ylk2UjNuMHhqVENxTGRkbXhwdjlwdi9rcVlRb1ZCMnpKZ0NWWVFLK2NvK0dNTGpoUnpBV1FHaG1Lb0RwNwpKb2VBeHVzK0xBbWVyM2ZiWFNpeG4vd3FUaUNrd3QxcHk4cVUyRVc2QnNKRUJJNlovZlZiMWhrQ2oybjJVVE9xCmM4RUdyLzdzTXhoUGdOaE5BQW9NVnFUMCt2Nmk3dWdDRVVtYm0xb3RHTm9NVjZCOVJXbWFBdHZlRlVLSytaYkgKMEVUZHVTRXZYWE40VitsYkMzQlFoWUI4UTFMYjROdlNTaXhudFRRb2R0ZWRiMXdDQlpBeWRkSVNoWkxJZVdMbApOOUxkYWZDTVppQUtuaUxXM251VDRiWlRkUUlEQVFBQm8zQXdiakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEClZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGoKQkJnd0ZvQVVuMDdhU2J4bE1VZW1wc0tuMkhjNWcwaE9KN1V3RGdZRFZSMFJCQWN3QllJRGFXUnRNQTBHQ1NxRwpTSWIzRFFFQkN3VUFBNElCQVFCVHFlaTJXay9VUTl3aEtBbytmcm5NYTBLeURUVFpWTklPMDhHRi9rNWt3MmlXCmZlWGdtakJtTHA2N2NWdEN6MjBsN2REWTBrUHVnNUtTbW5aWHA5VE5tSUVOMDlnOHoyT3Z0eGpHV1hPM2RpUm8KSS83TmNpQWpUbmYyKzIxeXRlazRSUUlucWIzWjZyczg4aVhMeUlKQ2JPdEVyNGRyQTJibjdINk04a29OZ2JLbwpJb014bzlBOEFpdzVrRElzZkNxYXg2NWFJcnNhUy8wbGZ5NTBITHRTU1VaSWs4TFFtM0FtQmVmRnBCVUdHVi9RCnBNSUFlYkVzbmNLKy9lY052dVZDTGNLVFIrWE05Q1JCd3NZQzlBc0tNdGFtTFdlMHp6aDV1SUIzTDg2Y1FOTnQKZ2JkNC9YVENpV2xWVGtDNTZEbjFDWlRzRHUzdHYvaSswMVpqcnlTeQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
ldap.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMTlHTFowREFuVDBheThqQjNLQktWc1Q1Z1VYRjRabzRmeWl2Zjgyak5VTEF4VmtCCjk5YVAxYmJvLzA1c1Y5OGJZNlIzbjB4alRDcUxkZG14cHY5cHYva3FZUW9WQjJ6SmdDVllRSytjbytHTUxqaFIKekFXUUdobUtvRHA3Sm9lQXh1cytMQW1lcjNmYlhTaXhuL3dxVGlDa3d0MXB5OHFVMkVXNkJzSkVCSTZaL2ZWYgoxaGtDajJuMlVUT3FjOEVHci83c014aFBnTmhOQUFvTVZxVDArdjZpN3VnQ0VVbWJtMW90R05vTVY2QjlSV21hCkF0dmVGVUtLK1piSDBFVGR1U0V2WFhONFYrbGJDM0JRaFlCOFExTGI0TnZTU2l4bnRUUW9kdGVkYjF3Q0JaQXkKZGRJU2haTEllV0xsTjlMZGFmQ01aaUFLbmlMVzNudVQ0YlpUZFFJREFRQUJBb0lCQUEvMXB2c0c3VGVBVHVMNQpaelkrVVEzUC8vYWtJS1lERm1EZHN2WlNIUTRFMW4vQmloSWVuV2VPNE1KenRXWER1RlJrYlMzRnZTVkprMWFWClVRa1FjSi93RWVDZVpqKzB0dmhYeXFPOThta01FQXp1SnQ1ZDZ2SWN3V3ViR3Jhd1MxcHFiam5EZGZQYVI1YU4Kb0tIVnJ5czByc2RBcUdDWURDQXJ4OWVJSEkrTXhoa2pvZlVaeW5EdnZ6ZFRwekR4eVRjT0FMTmQ4b3RqZVR4VApLam5QZjRhQm9WVlJmQ25zeDN4dEdONnhQTUJ4K2Z6Ynp0OCtwaDZyOVRHeFZ0VkRUK1E4ajlpV0RCME11WDBGCkZCVE40MDNJN0h6VXpaamxVbDdPYXFtR3dGMDBkY2o1UVNtenA4NTFTdjltamRidWI4b0xhMVJWYVpndUNTaGwKNkF2ZW9HRUNnWUVBOFlabDBJVk4yNVJsdGQzRnZiK2dYcXVHTjdZSDZLTkdMeThnYlVNOHd3RlU1QXRDaHdpNApJUTcrWkVhaDBtZC9ROWNJN1p3RWx3N2cxTWZremJEZHBrS205bExEQXhtRlhoS08xVXlRcnlObjQ1UHUrSDhWCmt3UHd1UUFMWldrZHF5V09ub2xtM21kMlh6b3BKcDN3TG8vNGRhR3d3SFp6c2paamxBNkpmK2NDZ1lFQTVNQysKdGJROWh1NTZKTnpzV3RiUDZlVlRoK0JGN1MwSlN6WkV6bnJ1MS94NXY3U1hTYi9WbTk1WjBIc2tHVG5QaVowNwpTZ2hRUm1mamFMdHpKMVFITC9iMTZIcXpRSmh3MDg0YlVSNUxhVWt4S3VBVm9OM0lPaVhGRnlYQm81TGduekFDClpRZWh6bFV6SjFSeEZGbFh1S0ZDR0UwNlBRTmNsYWMycDcva0ZrTUNnWUVBalBUSzV1OWxpUWtLY3lHRERrS1AKN2JCZEhKWjM5eVdUQ0dhUW5qUG5la2VFcTdLR21SaFZuYldLY2l0bXRjMEJVUzVtWDRYMmg5Si9GSyswc1BiUAo1UUJ4UU1EOFh3cTk4ekVSZXhxOE5mcUwzeDJ2RWdmWkozdmRPWnIxQzdKVlJsVWM3eGx4bDhyNklvbG5Dc3FTCktocUwvdHJtdE94c2lVMkV3QnZiMDNFQ2dZRUFweGtJOW5Cb05XV0V3ZUxEb0lPa013WTY0MWwzbXc0MzZNSUcKdHhIajROQmtHeDZQR09kUjRWOG1HbjJwVytmMzYxMTRqdGJOMVBCVWxRL0F5V3kvSjFGdVJsbERFWitKWTU3KwpJMTVPMWVVS1RuaU1OQXR1Rk5POFNmRmhwdHhHeXVIbURlanFVRys2UXpPU3VydWNzWmpTVURBeHA1b0tDcU92CjhBL2pURU1DZ1lBd1hWOHQ2RWpTaFZINEJZL01BTTdkNk96NlVMWXBHbzlzT05EdDV3bUc0MDdoMVczRkpsNkIKOERoV0NVWEdQRUN2T1ZBMnhXTDJlVFFZWUxWY3BQYk0wNGZnT2pLNjFocVpHY2pxUWcyT0Z3emUrdXAzY2ttYQpTQXdQcE9LWGRETWE5VWFrVUQ3UTk0VVRlbDJZeU0yeTVSdXZWRk5iOURVd25TWVJxZm9BeEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: ldap-cert
namespace: ocis

10
rendered/envs/production/ocis/secret-machine-auth-api-key.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
machine-auth-api-key: aEZZMkdWcVVBWWhjejNFRjRQRUNRVXZLbHpzUUpL
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: machine-auth-api-key
namespace: ocis

10
rendered/envs/production/ocis/secret-service-account-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
service-account-secret: NThMNVYzMnBsUUJ5UlBsZE10aDZuUEJOZnRNTU1W
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: service-account-secret
namespace: ocis

10
rendered/envs/production/ocis/secret-storage-system-jwt-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
storage-system-jwt-secret: TWRKWW0zUFRFS2NwSDI1UFFXN3ZkZGdCdURIUnN6
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: storage-system-jwt-secret
namespace: ocis

11
rendered/envs/production/ocis/secret-storage-system.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v1
data:
api-key: RDhWVTFYblF6cjZHeGF6OHpPZnhHNEYxTHhHQ0ZI
user-id: MDQ1NzJjMGUtZGUxZi00ODZiLWE4YTEtMmYxZjI1NmM1Nzc1
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: storage-system
namespace: ocis

10
rendered/envs/production/ocis/secret-thumbnails-transfer-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
thumbnails-transfer-secret: NGtlWEw4c3BJcm9sZzBiRFpBdWlhbExrMnJKM2N5
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: thumbnails-transfer-secret
namespace: ocis

10
rendered/envs/production/ocis/secret-transfer-secret.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: v1
data:
transfer-secret: aU0wdXNRM2RIRXNTQXdzeHgxTXNkTnlqamQwV0p3
kind: Secret
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels: null
name: transfer-secret
namespace: ocis

27
rendered/envs/production/ocis/service-activitylog.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: activitylog
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: activitylog
namespace: ocis
spec:
ports:
- appProtocol: http
name: http
port: 9195
protocol: TCP
- appProtocol: http
name: metrics-debug
port: 9197
protocol: TCP
selector:
app: activitylog

27
rendered/envs/production/ocis/service-appregistry.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: appregistry
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: appregistry
namespace: ocis
spec:
ports:
- appProtocol: grpc
name: grpc
port: 9242
protocol: TCP
- appProtocol: http
name: metrics-debug
port: 9243
protocol: TCP
selector:
app: appregistry

23
rendered/envs/production/ocis/service-audit.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: audit
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: audit
namespace: ocis
spec:
ports:
- appProtocol: http
name: metrics-debug
port: 9229
protocol: TCP
selector:
app: audit

27
rendered/envs/production/ocis/service-authmachine.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: authmachine
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: authmachine
namespace: ocis
spec:
ports:
- appProtocol: grpc
name: grpc
port: 9166
protocol: TCP
- appProtocol: http
name: metrics-debug
port: 9167
protocol: TCP
selector:
app: authmachine

27
rendered/envs/production/ocis/service-authservice.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: authservice
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: authservice
namespace: ocis
spec:
ports:
- appProtocol: grpc
name: grpc
port: 9616
protocol: TCP
- appProtocol: http
name: metrics-debug
port: 9617
protocol: TCP
selector:
app: authservice

23
rendered/envs/production/ocis/service-clientlog.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app: clientlog
app.kubernetes.io/instance: ocis
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ocis
app.kubernetes.io/version: 7.1.4
helm.sh/chart: ocis-0.7.0
ocis-metrics: enabled
name: clientlog
namespace: ocis
spec:
ports:
- appProtocol: http
name: metrics-debug
port: 9260
protocol: TCP
selector:
app: clientlog

Some files were not shown because too many files have changed in this diff Show more