Merge branch 'main' into allow-nginx-additional-config

Signed-off-by: Florent Poinsaut <[email protected]>

.github/workflows/lint-test.yaml

@@ -11,10 +11,10 @@ on:
 
 jobs:
   lint-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -44,7 +44,7 @@ jobs:
         run: ct lint --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.5.0
+        uses: helm/kind-action@v1.8.0
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)

.github/workflows/release.yaml

@@ -1,5 +1,8 @@
 
 name: Release Charts
+# only run one instance of this workflow at a time
+# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency
+concurrency: chart_releaser
 
 on:
   push:
@@ -13,17 +16,10 @@ on:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Turnstyle
-        uses: softprops/turnstyle@v1
-        with:
-          continue-after-seconds: 180
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN  }}
+        uses: actions/checkout@v4
 
       - name: Fetch history
         run: git fetch --prune --unshallow
@@ -47,3 +43,4 @@ jobs:
         uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true

README.md

@@ -22,7 +22,7 @@ helm repo update
 For more information, please checkout the chart level [README.md](./charts/nextcloud/README.md).
 
 ### Support and Contribution
-Please also review the official [NextCloud Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/) before contributing.
+This helm chart is community maintained, and not supported by Nextcloud GmbH. Please also review the official [NextCloud Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/) before contributing.
 
 #### Questions and Discussions
 [GitHub Discussion](https://github.com/nextcloud/helm/discussions)

charts/nextcloud/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.6.26
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.6.9
 - name: mariadb
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.0.14
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.2.8
 - name: redis
-  repository: https://charts.bitnami.com/bitnami
-  version: 16.12.3
-digest: sha256:26d3436ece41f0fbe00d0184c1cda7f5cccb7d49642982cfff49f113c11c0f34
-generated: "2022-10-30T11:48:19.745391397+01:00"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 17.13.2
+digest: sha256:e292db0f38d48fdde0b9feff58c406eef920c7e3b592e7f0ec1907e7599a7a2b
+generated: "2023-07-24T16:19:14.475458+02:00"

charts/nextcloud/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: nextcloud
-version: 3.6.0
-appVersion: 26.0.1
+version: 4.2.2
+appVersion: 27.0.2
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:
   - nextcloud
@@ -23,14 +23,14 @@ maintainers:
     email: [email protected]
 dependencies:
   - name: postgresql
-    version: 11.6.*
-    repository: https://charts.bitnami.com/bitnami
+    version: 12.6.*
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: mariadb
-    version: 11.0.*
-    repository: https://charts.bitnami.com/bitnami
+    version: 12.2.*
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: mariadb.enabled
   - name: redis
-    version: 16.12.*
-    repository: https://charts.bitnami.com/bitnami
+    version: 17.13.*
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: redis.enabled

charts/nextcloud/templates/NOTES.txt

@@ -48,7 +48,7 @@ host. To configure nextcloud with the URL of your service:
 
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "nextcloud.name" . }}" -o jsonpath="{.items[0].metadata.name}")
   echo http://127.0.0.1:8080/
-  kubectl port-forward $POD_NAME 8080:80
+  kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
 {{- else }}
 
   echo http://{{ .Values.nextcloud.host }}/

charts/nextcloud/templates/_helpers.tpl

@@ -1,4 +1,3 @@
-{{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
@@ -110,9 +109,23 @@ Create environment variables used to configure the nextcloud container as well a
 {{- else }}
   {{- if eq .Values.externalDatabase.type "postgresql" }}
 - name: POSTGRES_HOST
+  {{- if .Values.externalDatabase.existingSecret.hostKey }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+      key: {{ .Values.externalDatabase.existingSecret.hostKey }}
+  {{- else }}
   value: {{ .Values.externalDatabase.host | quote }}
+  {{- end }}
 - name: POSTGRES_DB
+  {{- if .Values.externalDatabase.existingSecret.databaseKey }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+      key: {{ .Values.externalDatabase.existingSecret.databaseKey }}
+  {{- else }}
   value: {{ .Values.externalDatabase.database | quote }}
+  {{- end }}
 - name: POSTGRES_USER
   valueFrom:
     secretKeyRef:
@@ -125,9 +138,23 @@ Create environment variables used to configure the nextcloud container as well a
       key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
   {{- else }}
 - name: MYSQL_HOST
+  {{- if .Values.externalDatabase.existingSecret.hostKey }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+      key: {{ .Values.externalDatabase.existingSecret.hostKey }}
+  {{- else }}
   value: {{ .Values.externalDatabase.host | quote }}
+  {{- end }}
 - name: MYSQL_DATABASE
+  {{- if .Values.externalDatabase.existingSecret.databaseKey }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+      key: {{ .Values.externalDatabase.existingSecret.databaseKey }}
+  {{- else }}
   value: {{ .Values.externalDatabase.database | quote }}
+  {{- end }}
 - name: MYSQL_USER
   valueFrom:
     secretKeyRef:
@@ -163,14 +190,17 @@ Create environment variables used to configure the nextcloud container as well a
   value: {{ .Values.nextcloud.mail.fromAddress | quote }}
 - name: MAIL_DOMAIN
   value: {{ .Values.nextcloud.mail.domain | quote }}
-- name: SMTP_HOST
-  value: {{ .Values.nextcloud.mail.smtp.host | quote }}
 - name: SMTP_SECURE
   value: {{ .Values.nextcloud.mail.smtp.secure | quote }}
 - name: SMTP_PORT
   value: {{ .Values.nextcloud.mail.smtp.port | quote }}
 - name: SMTP_AUTHTYPE
   value: {{ .Values.nextcloud.mail.smtp.authtype | quote }}
+- name: SMTP_HOST
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+      key: {{ .Values.nextcloud.existingSecret.smtpHostKey | default "smtp-host" }}
 - name: SMTP_NAME
   valueFrom:
     secretKeyRef:

charts/nextcloud/templates/deployment.yaml

@@ -201,6 +201,20 @@ spec:
           successThreshold: {{ .Values.readinessProbe.successThreshold }}
           failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
         {{- end }}
+        {{- if .Values.startupProbe.enabled }}
+        startupProbe:
+          httpGet:
+            path: /status.php
+            port:  {{ .Values.nextcloud.containerPort }}
+            httpHeaders:
+            - name: Host
+              value: {{ .Values.nextcloud.host | quote }}
+          initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.startupProbe.successThreshold }}
+          failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+         {{- end }}
 
         resources:
 {{ toYaml .Values.nginx.resources | indent 10 }}

charts/nextcloud/templates/metrics-deployment.yaml

@@ -56,8 +56,9 @@ spec:
               name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
               key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }}
         {{- end }}
+        # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
         - name: NEXTCLOUD_SERVER
-          value: http{{ if .Values.metrics.https }}s{{ end }}://{{ .Values.nextcloud.host }}
+          value: http{{ if .Values.metrics.https }}s{{ end }}://{{ template "nextcloud.fullname" . }}:{{ .Values.service.port }}
         - name: NEXTCLOUD_TIMEOUT
           value: {{ .Values.metrics.timeout }}
         - name: NEXTCLOUD_TLS_SKIP_VERIFY

charts/nextcloud/templates/metrics-servicemonitor.yaml

@@ -24,6 +24,9 @@ spec:
       app.kubernetes.io/name: {{ include "nextcloud.name" . }}
       app.kubernetes.io/instance: {{ .Release.Name }}
       app.kubernetes.io/component: metrics
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace | quote }}
   endpoints:
     - port: metrics
       path: "/"

charts/nextcloud/templates/nginx-config.yaml

@@ -106,6 +106,9 @@ data:
         # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
+            # Required for legacy support
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
 

charts/nextcloud/templates/secrets.yaml

@@ -24,5 +24,6 @@ data:
   {{- if .Values.nextcloud.mail.enabled }}
   smtp-username: {{ default "" .Values.nextcloud.mail.smtp.name | b64enc | quote }}
   smtp-password: {{ default "" .Values.nextcloud.mail.smtp.password | b64enc | quote }}
+  smtp-host: {{ default "" .Values.nextcloud.mail.smtp.host | b64enc | quote }}
   {{- end }}
 {{- end }}

charts/nextcloud/templates/service.yaml

@@ -10,7 +10,7 @@ metadata:
     app.kubernetes.io/component: app
 spec:
   type: {{ .Values.service.type }}
-  {{- if eq .Values.service.type "LoadBalancer" }}
+  {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
   {{- end }}
   ports:

charts/nextcloud/values.yaml

@@ -83,6 +83,7 @@ nextcloud:
     # tokenKey: nextcloud-token
     # smtpUsernameKey: smtp-username
     # smtpPasswordKey: smtp-password
+    # smtpHostKey: smtp-host
   update: 0
   # If web server is not binding default port, you can define it
   containerPort: 80
@@ -261,6 +262,8 @@ externalDatabase:
     # secretName: nameofsecret
     # usernameKey: db-username
     # passwordKey: db-password
+    # hostKey: db-hostname-or-ip
+    # databaseKey: db-name
 
 ##
 ## MariaDB chart configuration
@@ -366,7 +369,7 @@ cronjob:
 service:
   type: ClusterIP
   port: 8080
-  loadBalancerIP: nil
+  loadBalancerIP: ""
   nodePort: nil
 
 ## Enable persistence using Persistent Volume Claims
@@ -476,7 +479,7 @@ metrics:
 
   image:
     repository: xperimental/nextcloud-exporter
-    tag: 0.6.0
+    tag: 0.6.1
     pullPolicy: IfNotPresent
     # pullSecrets:
     #   - myRegistrKeySecretName