# Nextcloud Operator

Nextcloud operator handles the deployment of a Nextcloud HA instance
plus the LibreOffice online application in a Kubernetes cluster.

Operator main tasks:

* Defines a Custom Resource Definition (CRD) that contains the configuration
  options required to define a Nextcloud HA instance.
* Creates Nextcloud HA instances when a new resource is created.
* Updates the Nextcloud configuration when a change to the CRD is detected.
* Checks for new Nextcloud versions and notifies the admin if there's
  a new compatible version.
* Handles Nextcloud upgrades.

## CRD:

```
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  # must be <names.plural>.<group>, otherwise the API server rejects the CRD
  name: nextclouds.operators.imcsk8.chavero.com.mx
spec:
  group: operators.imcsk8.chavero.com.mx
  versions:
    - name: v1 # it's possible to provide multiple versions of a CRD
      served: true # it's possible to disable a CRD
      storage: true # there can be multiple versions but only one can be used to store the objects
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                nextcloud_path:
                  type: string
                  default: "/usr/share/nginx/html"
                nextcloud_occ:
                  type: string
                  default: "/usr/share/nginx/html/occ"
                nginx_path:
                  type: string
                  default: "/etc/nginx/conf.d" # FIXME: Set PHP version from Debian version: 7.4 for Debian 11, 7.3 for Debian 10
                php_ini_path:
                  type: string
                  default: "/etc"
                php_pool_path:
                  type: string
                  default: "/etc/php-fpm.d"
                php_fpm_service:
                  type: string
                  default: "php-fpm"
                document_root:
                  type: string
                  default: "/usr/share/nginx/html"
                web_user:
                  type: string
                  default: "nginx"
                pg_hba_conf:
                  type: string
                  default: "/var/lib/pgsql/data/pg_hba.conf"
                redis_dir:
                  type: string
                  default: "/etc"
                redis_user:
                  type: string
                  default: "nextcloud"
                redis_url:
                  type: string
                  default: "https://127.0.0.1"
                # The *_password defaults in this schema are readable by anyone
                # who can view the CRD; override them in every Nextcloud resource.
                redis_password:
                  type: string
                  default: "2XenoNNBtLJqrELTfmCLum/42Guz72Ym0RPMxXh5+pT"
                nextcloud_version:
                  type: string
                  default: "24.0.3"
                nextcloud_checksum:
                  type: string
                  default: "sha256:4820808f799146853604e1fa27d7f292449018a44dc73bf928a97b02028318ba"
                nextcloud_database:
                  type: string
                  default: "nextcloud"
                nextcloud_database_user:
                  type: string
                  default: "nextcloud"
                nextcloud_database_user_password:
                  type: string
                  default: "nVdUe6%Ua9c,Rd.8BVugPHPm2yqUSXWCAy%1GXOQGn8tg9F?k%R"
                nextcloud_admin_user:
                  type: string
                  default: "nextcloud_admin"
                nextcloud_admin_password:
                  type: string
                  default: "prueba123"
                nextcloud_fqdn:
                  type: string
                  default: ""
                nextcloud_domain_name:
                  type: string
                  default: "nextcloud"
                notify_push_nextcloud_url:
                  type: string
                  default: "http://localhost"
                key_size:
                  type: integer
                  default: 4096
                key_type:
                  type: string
                  default: "RSA" # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
                country_name:
                  type: string
                  default: "MX"
                email_address:
                  type: string
                  default: "ssl@example.com"
                organization_name:
                  type: string
                  default: "AnsibleNextcloud"
                server_hostname:
                  type: string
                  default: "example.com"
                redis_cert_private_key:
                  type: string
                  default: "/etc/pki/tls/private/redis-cert-private-key.pem"
                redis_cert:
                  type: string
                  default: "/etc/pki/tls/certs/redis-self-cert.crt"
                redis_csr:
                  type: string
                  default: "/etc/pki/tls/certs/redis-self.csr"
                generate_self_signed_cert:
                  type: boolean
                  default: true
                # Note: the nginx certificate is under private/ and its key under
                # certs/, the reverse of the redis_* layout above.
                nginx_ssl_cert_file:
                  type: string
                  default: "/etc/pki/tls/private/nginx-self-signed.crt"
                nginx_ssl_key_file:
                  type: string
                  default: "/etc/pki/tls/certs/nginx-self-signed.key"
                nginx_ssl_csr_file:
                  type: string
                  default: "/etc/pki/tls/certs/nginx-self-signed.csr"
                code_enable_ssl:
                  type: boolean
                  default: false
                code_enable_ssl_termination:
                  type: boolean
                  default: true
                code_ssl_key:
                  type: string
                  default: ""
                code_ssl_cert:
                  type: string
                  default: ""
                code_ssl_ca:
                  type: string
                  default: ""
                php_fpm_replicas:
                  type: integer
                  default: 2
                http_replicas:
                  type: integer
                  default: 2
                coolwsd_replicas:
                  type: integer
                  default: 2
                redis_replicas:
                  type: integer
                  default: 2
  scope: Namespaced
  names:
    plural: nextclouds
    singular: nextcloud
    kind: Nextcloud
    shortNames: # must be a list
      - nc
```
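
An added check, not part of the operator's repository: the CRD above ships non-empty defaults for `redis_password`, `nextcloud_database_user_password` and `nextcloud_admin_password`, so every instance that omits those fields is deployed with the same published credential. The code walks an `openAPIV3Schema` and reports such fields; the embedded schema is a constructed excerpt with placeholder values, and the name pattern and function names are assumptions.

```python
import json
import re

# Constructed excerpt of the CRD's spec properties: the field names are the ones
# in the CRD above, the secret values are placeholders (not the page's values).
SCHEMA_JSON = """
{"properties": {"spec": {"type": "object", "properties": {
  "redis_user": {"type": "string", "default": "nextcloud"},
  "redis_password": {"type": "string", "default": "placeholder-redis"},
  "nextcloud_database_user_password": {"type": "string", "default": "placeholder-db"},
  "nextcloud_admin_password": {"type": "string", "default": "placeholder-admin"},
  "code_ssl_key": {"type": "string", "default": ""},
  "redis_cert_private_key": {"type": "string", "default": "/etc/pki/tls/private/redis-cert-private-key.pem"},
  "key_size": {"type": "integer", "default": 4096}
}}}}
"""

# Assumption: these name fragments mark secret material, as opposed to paths or sizes.
SECRET_NAME = re.compile(r"(password|passwd|secret|token)", re.IGNORECASE)


def find_credential_defaults(schema, path=""):
    """Return dotted paths of secret-named string properties with a non-empty default."""
    findings = []
    for name, sub in schema.get("properties", {}).items():
        here = f"{path}.{name}" if path else name
        default = sub.get("default")
        if SECRET_NAME.search(name) and isinstance(default, str) and default:
            findings.append(here)
        # Recurse so nested objects (spec, and anything below it) are covered.
        findings += find_credential_defaults(sub, here)
    return findings


def audit(schema_json=SCHEMA_JSON):
    """Parse a schema given as JSON text and return the sorted findings."""
    return sorted(find_credential_defaults(json.loads(schema_json)))


if __name__ == "__main__":
    for hit in audit():
        print("hard-coded credential default:", hit)
```

Fields that hold a path (`redis_cert_private_key`) or an empty default (`code_ssl_key`) are not reported; only secret-named properties that carry a usable value are.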

## Resources

Every time a new `Nextcloud` resource is created, the operator will create
a set of Kubernetes resources:

* php-fpm deployment: Handles the PHP processing part of the Nextcloud application.
  * Shares a volume with the `nginx` deployment.
  * Is available to the cluster via the `php-fpm-service` by using the php-fpm label.
  * Spins up the number of replicas set by `php_fpm_replicas` in the `Nextcloud` resource.

* php-fpm service: Handles the load balancing of the `php-fpm` deployment containers.

* Nginx deployment: Handles the `HTTP` requests for the Nextcloud instances.
  * Shares a volume with the `php-fpm` deployment.
  * Uses the `php-fpm-service` service to communicate with the `php-fpm` instances.
  * Is exposed to the cluster via the `http-service` by using the http-service label.
  * Spins up the number of replicas set by `http_replicas` in the `Nextcloud` resource.

* http-service: Handles the load balancing of the Nginx deployment containers.

* coolwsd deployment: Handles the LibreOffice online server for Nextcloud.
  * Is exposed to the cluster via the `coolwsd-service` by using the coolwsd-service label.
  * Spins up the number of replicas set by `coolwsd_replicas` in the `Nextcloud` resource.

* coolwsd-service: Handles the load balancing of the coolwsd deployment containers.

* redis deployment: Handles the Redis database.
  * Is exposed to the cluster via the `redis-service` by using the redis-service label.
  * Spins up the number of replicas set by `redis_replicas` in the `Nextcloud` resource.

* redis-service: Handles the load balancing of the redis deployment containers.

**not sure if this should be here**

* postgres deployment: Handles the postgres database.
  * Is exposed to the cluster via the `pg-service` by using the pg-service label.
  * Spins up the number of replicas set by `pg_replicas` in the `Nextcloud` resource.

* postgres-service: Handles the load balancing of the postgres deployment containers.