# Nextcloud Operator

The Nextcloud operator handles the deployment of a Nextcloud HA instance
plus the LibreOffice online application in a Kubernetes cluster.

Operator main tasks:

* Defines a Custom Resource Definition (CRD) that contains the configuration
  options required to define a Nextcloud HA instance.
* Creates Nextcloud HA instances when a new resource is created.
* Updates the Nextcloud configuration when a change to the CRD is detected.
* Checks for new Nextcloud versions and notifies the admin if there's
  a new compatible version.
* Handles Nextcloud upgrades.

## Resources

Every time a new `Nextcloud` resource is created, the operator creates
a set of Kubernetes resources:

* php-fpm deployment: Handles the PHP processing part of the Nextcloud application.
  * Shares a volume with the `nginx` deployment.
  * Is available to the cluster via the `php-fpm-service` by using the php-fpm label.
  * Spins up the number of replicas given by `php_fpm_replicas` in the `Nextcloud` resource.
* php-fpm service: Handles the load balancing of the `php-fpm` deployment containers.
* Nginx deployment: Handles the HTTP requests for the Nextcloud instances.
  * Shares a volume with the `php-fpm` deployment.
  * Uses the `php-fpm-service` service to communicate with the `php-fpm` instances.
  * Is exposed to the cluster via the `http-service` by using the http-service label.
  * Spins up the number of replicas given by `http_replicas` in the `Nextcloud` resource.
* http-service: Handles the load balancing of the Nginx deployment containers.
* coolwsd deployment: Handles the LibreOffice online server for Nextcloud.
  * Is exposed to the cluster via the `coolwsd-service` by using the coolwsd-service label.
  * Spins up the number of replicas given by `coolwsd_replicas` in the `Nextcloud` resource.
* coolwsd-service: Handles the load balancing of the coolwsd deployment containers.
* redis deployment: Handles the redis database.
  * Is exposed to the cluster via the `redis-service` by using the redis-service label.
  * Spins up the number of replicas given by `redis_replicas` in the `Nextcloud` resource.
* redis-service: Handles the load balancing of the redis deployment containers.
* Database and IdM are assumed to be external services and are outside of the
  Nextcloud operator scope.

## CRD

```
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  # A CRD name must have the form <plural>.<group>
  name: nextclouds.operators.imcsk8.chavero.com.mx
spec:
  group: operators.imcsk8.chavero.com.mx
  versions:
    - name: v1 # it's possible to provide multiple versions of a CRD
      served: true # it's possible to disable a CRD
      storage: true # there can be multiple versions but only one can be used to store the objects
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                nextcloud_path:
                  type: string
                  default: "/usr/share/nginx/html"
                nextcloud_occ:
                  type: string
                  default: "/usr/share/nginx/html/occ"
                nginx_path:
                  type: string
                  default: "/etc/nginx/conf.d"
                # FIXME: Set PHP version from Debian version: 7.4 for Debian 11, 7.3 for Debian 10
                php_ini_path:
                  type: string
                  default: "/etc"
                php_pool_path:
                  type: string
                  default: "/etc/php-fpm.d"
                php_fpm_service:
                  type: string
                  default: "php-fpm"
                document_root:
                  type: string
                  default: "/usr/share/nginx/html"
                web_user:
                  type: string
                  default: "nginx"
                pg_hba_conf:
                  type: string
                  default: "/var/lib/pgsql/data/pg_hba.conf"
                redis_dir:
                  type: string
                  default: "/etc"
                redis_user:
                  type: string
                  default: "nextcloud"
                redis_url:
                  type: string
                  default: "https://127.0.0.1"
                # NOTE: the password defaults in this schema are readable by anyone who can
                # read the CRD and are shared by every instance that does not override them.
                redis_password:
                  type: string
                  default: "2XenoNNBtLJqrELTfmCLum/42Guz72Ym0RPMxXh5+pT"
                nextcloud_version:
                  type: string
                  default: "24.0.3"
                nextcloud_checksum:
                  type: string
                  default: "sha256:4820808f799146853604e1fa27d7f292449018a44dc73bf928a97b02028318ba"
                nextcloud_database:
                  type: string
                  default: "nextcloud"
                nextcloud_database_user:
                  type: string
                  default: "nextcloud"
                nextcloud_database_user_password:
                  type: string
                  default: "nVdUe6%Ua9c,Rd.8BVugPHPm2yqUSXWCAy%1GXOQGn8tg9F?k%R"
                nextcloud_admin_user:
                  type: string
                  default: "nextcloud_admin"
                nextcloud_admin_password:
                  type: string
                  default: "prueba123"
                nextcloud_fqdn:
                  type: string
                  default: ""
                nextcloud_domain_name:
                  type: string
                  default: "nextcloud"
                notify_push_nextcloud_url:
                  type: string
                  default: "http://localhost"
                key_size:
                  type: integer
                  default: 4096
                key_type:
                  type: string
                  default: "RSA" # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
                country_name:
                  type: string
                  default: "MX"
                email_address:
                  type: string
                  default: "ssl@example.com"
                organization_name:
                  type: string
                  default: "Nextcloud"
                server_hostname:
                  type: string
                  default: "example.com"
                redis_cert_private_key:
                  type: string
                  default: "/etc/pki/tls/private/redis-cert-private-key.pem"
                redis_cert:
                  type: string
                  default: "/etc/pki/tls/certs/redis-self-cert.crt"
                redis_csr:
                  type: string
                  default: "/etc/pki/tls/certs/redis-self.csr"
                # Declared as a boolean property so the schema is valid
                generate_self_signed_cert:
                  type: boolean
                  default: true
                # NOTE: as written, the certificate defaults to private/ and the key to certs/
                nginx_ssl_cert_file:
                  type: string
                  default: "/etc/pki/tls/private/nginx-self-signed.crt"
                nginx_ssl_key_file:
                  type: string
                  default: "/etc/pki/tls/certs/nginx-self-signed.key"
                nginx_ssl_csr_file:
                  type: string
                  default: "/etc/pki/tls/certs/nginx-self-signed.csr"
                code_enable_ssl:
                  type: boolean
                  default: false
                code_enable_ssl_termination:
                  type: boolean
                  default: true
                code_ssl_key:
                  type: string
                  default: ""
                code_ssl_cert:
                  type: string
                  default: ""
                code_ssl_ca:
                  type: string
                  default: ""
                php_fpm_replicas:
                  type: integer
                  default: 2
                http_replicas:
                  type: integer
                  default: 2
                coolwsd_replicas:
                  type: integer
                  default: 2
                redis_replicas:
                  type: integer
                  default: 2
  scope: Namespaced
  names:
    plural: nextclouds
    singular: nextcloud
    kind: Nextcloud
    # shortNames must be a list
    shortNames:
      - nc
```
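
The schema above carries working credentials as defaults (`redis_password`, `nextcloud_database_user_password`, `nextcloud_admin_password`), so every `Nextcloud` resource that omits them gets the same values and anyone allowed to read the CRD can see them. One way to avoid that, shown for the admin password as an added example that is not part of the operator: the schema takes a reference to a Kubernetes Secret instead of the password itself. The `nextcloud_admin_secret` field, the Secret name, the namespace and the sample resource are hypothetical, and the operator is assumed to read the referenced Secret at reconcile time.

```yaml
# Added example (hypothetical): fragment that would replace nextcloud_admin_password
# under spec.versions[].schema.openAPIV3Schema.properties.spec
required:
  - nextcloud_admin_secret          # no default: the resource is rejected without it
properties:
  nextcloud_admin_secret:           # hypothetical field name
    type: object
    required:
      - name
    properties:
      name:                         # name of a Secret in the same namespace
        type: string
        minLength: 1
      key:                          # key inside the Secret that holds the password
        type: string
        default: "password"
---
# Secret created out of band (constructed name and namespace, placeholder value)
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-admin
  namespace: nextcloud
type: Opaque
stringData:
  password: "<set-at-deploy-time>"
---
# Nextcloud resource that points at the Secret instead of embedding the password
apiVersion: operators.imcsk8.chavero.com.mx/v1
kind: Nextcloud
metadata:
  name: example
  namespace: nextcloud
spec:
  nextcloud_admin_user: "nextcloud_admin"
  nextcloud_admin_secret:
    name: nextcloud-admin
  php_fpm_replicas: 2
  http_replicas: 2
```

With this layout, read access to `Nextcloud` resources or to the CRD no longer exposes the password; access to the Secret is granted separately through RBAC.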