charts/nextcloud/values.yaml

## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  flavor: apache
  # default is generated by flavor and appVersion
  tag:
  pullPolicy: IfNotPresent
  # pullSecrets:
  #   - myRegistrKeySecretName

nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
deploymentLabels: {}

# Number of replicas to be deployed
replicaCount: 1

## Allowing use of ingress controllers
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  enabled: false
  # className: nginx
  annotations: {}
  #  nginx.ingress.kubernetes.io/proxy-body-size: 4G
  #  kubernetes.io/tls-acme: "true"
  #  cert-manager.io/cluster-issuer: letsencrypt-prod
  #  # Keep this in sync with the README.md:
  #  nginx.ingress.kubernetes.io/server-snippet: |-
  #    server_tokens off;
  #    proxy_hide_header X-Powered-By;
  #    rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
  #    rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
  #    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
  #    location = /.well-known/carddav {
  #      return 301 $scheme://$host/remote.php/dav;
  #    }
  #    location = /.well-known/caldav {
  #      return 301 $scheme://$host/remote.php/dav;
  #    }
  #    location = /robots.txt {
  #      allow all;
  #      log_not_found off;
  #      access_log off;
  #    }
  #    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
  #      deny all;
  #    }
  #    location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
  #      deny all;
  #    }
  # tls:
  #   - secretName: nextcloud-tls
  #     hosts:
  #       - nextcloud.kube.home
  labels: {}
  path: /
  pathType: Prefix


# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
  # postStartCommand: []
  # preStopCommand: []

phpClientHttpsFix:
  enabled: false
  protocol: https

nextcloud:
  host: nextcloud.kube.home
  username: admin
  password: changeme
  ## Use an existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    usernameKey: nextcloud-username
    passwordKey: nextcloud-password
    tokenKey: ""
    smtpUsernameKey: smtp-username
    smtpPasswordKey: smtp-password
    smtpHostKey: smtp-host
  update: 0
  # If web server is not binding default port, you can define it
  containerPort: 80
  datadir: /var/www/html/data
  persistence:
    subPath:
  # if set, we'll template this list to the NEXTCLOUD_TRUSTED_DOMAINS env var
  trustedDomains: []
  ## SMTP configuration
  mail:
    enabled: false
    # the user we send email as
    fromAddress: user
    # the domain we send email from
    domain: domain.com
    smtp:
      host: domain.com
      secure: ssl
      port: 465
      authtype: LOGIN
      name: user
      password: pass
  ## Primary ObjectStore options
  # see: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#configuring-object-storage-as-primary-storage
  objectStore:
    # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
    s3:
      enabled: false
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      accessKey: ""
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      secretKey: ""
      # use legacy auth method
      legacyAuth: false
      # s3 endpoint to use; only required if you're not using AWS
      host: ""
      # use TLS/SSL for S3 connections
      ssl: true
      # default port that can be changed based on your object store, e.g. for minio, you can use 9000
      port: "443"
      # this is the default in the nextcloud docs
      region: "eu-west-1"
      # required if using s3, the name of the bucket you'd like to use
      bucket: ""
      # object prefix in bucket
      prefix: ""
      # set to true if you are not using DNS for your buckets.
      usePathStyle: false
      # autocreate the bucket
      autoCreate: false
      # optonal parameter: you probably want to keep this as default
      storageClass: "STANDARD"
      # server side encryption key. learn more: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#s3-sse-c-encryption-support
      sse_c_key: ""
      # use an existingSecret for S3 credentials. If set, we ignore the following under nextcloud.objectStore.s3
      # endpoint, accessKey, secretKey
      existingSecret: ""
      secretKeys:
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 endpoint
        host: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 accessKeyID
        accessKey: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey
        secretKey: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket
        bucket: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key
        sse_c_key: ""
    ## options related to using Swift as a primary object storage
    # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#openstack-swift
    swift:
      enabled: false
      # swift user info
      user:
        domain: "Default"
        name: ""
        password: ""
      # swift project info
      project:
        name: ""
        domain: "Default"
      # The Identity / Keystone endpoint
      url: ""
      region: ""
      # optional on some swift implementations
      service: "swift"
      # the container to store the data in
      container: ""
      # autocreate container
      autoCreate: false

  ## PHP Configuration files
  # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
  phpConfigs: {}
  ## Default config files that utilize environment variables:
  # see: https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables
  # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
  # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/.config
  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Apache configuration for rewrite urls
    apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # Redis default configuration
    redis.config.php: true
    # Reverse proxy default configuration
    reverse-proxy.config.php: true
    # S3 Object Storage as primary storage
    s3.config.php: true
    # SMTP default configuration via environment variables
    smtp.config.php: true
    # Swift Object Storage as primary storage
    swift.config.php: true
    # disables the web based updater as the default nextcloud docker image does not support it
    upgrade-disable-web.config.php: true

  # Extra config files created in /var/www/html/config/
  # ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
  configs: {}
  # For example, to enable image and text file previews:
  #  previews.config.php: |-
  #    <?php
  #    $CONFIG = array (
  #      'enable_previews' => true,
  #      'enabledPreviewProviders' => array (
  #        'OC\Preview\Movie',
  #        'OC\Preview\PNG',
  #        'OC\Preview\JPEG',
  #        'OC\Preview\GIF',
  #        'OC\Preview\BMP',
  #        'OC\Preview\XBitmap',
  #        'OC\Preview\MP3',
  #        'OC\Preview\MP4',
  #        'OC\Preview\TXT',
  #        'OC\Preview\MarkDown',
  #        'OC\Preview\PDF'
  #      ),
  #    );

  # Hooks for auto configuration
  # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d/<hook-name>/helm.sh`
  # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders
  hooks:
    pre-installation:
    post-installation:
    pre-upgrade:
    post-upgrade:
    before-starting:

  ## Strategy used to replace old pods
  ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  strategy:
    type: Recreate
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 1
    #   maxUnavailable: 0

  ##
  ## Extra environment variables
  extraEnv:
  #  - name: SOME_SECRET_ENV
  #    valueFrom:
  #      secretKeyRef:
  #        name: nextcloud
  #        key: secret_key

  # Extra init containers that runs before pods start.
  extraInitContainers: []
  #  - name: do-something
  #    image: busybox
  #    command: ['do', 'something']

  # Extra sidecar containers.
  extraSidecarContainers: []
  #  - name: nextcloud-logger
  #    image: busybox
  #    command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
  #    volumeMounts:
  #    - name: nextcloud-data
  #      mountPath: /run/nextcloud/data

  # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
  # to NextCloud pods in Kubernetes. This can then be configured in External Storage
  extraVolumes:
  #  - name: nfs
  #    nfs:
  #      server: "10.0.0.1"
  #      path: "/nextcloud_data"
  #      readOnly: false
  extraVolumeMounts:
  #  - name: nfs
  #    mountPath: "/legacy_data"

  # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
  # For example, you may need to define runAsNonRoot directive
  securityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: false

  # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
  podSecurityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: false

  # Settings for the MariaDB init container
  mariaDbInitContainer:
    # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
    securityContext: {}

  # Settings for the PostgreSQL init container
  postgreSqlInitContainer:
    # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
    securityContext: {}


nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: false

  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent

  containerPort: 80

  config:
    # This generates the default nginx config as per the nextcloud documentation
    default: true
    custom:
    # custom: |-
    #     worker_processes  1;..

  resources: {}

  # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
  # the nginx alpine container default user is 82
  #   runAsUser: 82
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: true

  ## Extra environment variables
  extraEnv: []
  #  - name: SOME_ENV
  #    value: ENV_VALUE

internalDatabase:
  enabled: true
  name: nextcloud

##
## External database configuration
##
externalDatabase:
  enabled: false

  ## Supported database engines: mysql or postgresql
  type: mysql

  ## Database host. You can optionally include a colon delimited port like "myhost:1234"
  host: ""

  ## Database user
  user: nextcloud

  ## Database password
  password: ""

  ## Database name
  database: nextcloud

  ## Use a existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    usernameKey: db-username
    passwordKey: db-password
    # hostKey: db-hostname-or-ip
    # databaseKey: db-name

##
## MariaDB chart configuration
## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
##
mariadb:
  ## Whether to deploy a mariadb server from the bitnami mariab db helm chart
  # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
  # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
  enabled: false

  # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters
  global:
    # overwrites the primary.persistence.storageClass value
    defaultStorageClass: ""

  auth:
    database: nextcloud
    username: nextcloud
    password: changeme
    # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
    # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
    existingSecret: ""

  architecture: standalone

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  primary:
    persistence:
      enabled: false
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      existingClaim: ""
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 8Gi

##
## PostgreSQL chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
##
postgresql:
  enabled: false
  global:
    postgresql:
      # global.postgresql.auth overrides postgresql.auth
      auth:
        username: nextcloud
        password: changeme
        database: nextcloud
        # Name of existing secret to use for PostgreSQL credentials.
        # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
        # secret might also contains the key ldap-password if LDAP is enabled.
        # ldap.bind_password will be ignored and picked from this secret in this case.
        existingSecret: ""
        # Names of keys in existing secret to use for PostgreSQL credentials
        secretKeys:
          adminPasswordKey: ""
          userPasswordKey: ""
          replicationPasswordKey: ""
  primary:
    persistence:
      enabled: false
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      # existingClaim: ""
      # storageClass: ""

##
## Redis chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
##

redis:
  enabled: false
  auth:
    enabled: true
    password: 'changeme'
    # name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
    existingSecret: ""
    # Password key to be retrieved from existing secret
    existingSecretPasswordKey: ""
  # Since Redis is used for caching only, you might want to use a storageClass with different reclaim policy and backup settings
  global:
    storageClass: ""
  master:
    persistence:
      enabled: true
  replica:
    persistence:
      enabled: true


## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
##
cronjob:
  enabled: false

  ## Cronjob sidecar resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}

  # Allow configuration of lifecycle hooks
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
  lifecycle: {}
    # postStartCommand: []
    # preStopCommand: []
  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: true

service:
  type: ClusterIP
  port: 8080
  loadBalancerIP: ""
  nodePort:
  annotations: {}
    ## Insert your annotations such as below
    # test/test: pumuckel

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  # Nextcloud Data (/var/www/html)
  enabled: false
  annotations: {}
  ## nextcloud data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:

  accessMode: ReadWriteOnce
  size: 8Gi

  ## Use an additional pvc for the data directory rather than a subpath of the default PVC
  ## Useful to store data on a different storageClass (e.g. on slower disks)
  nextcloudData:
    enabled: false
    subPath:
    annotations: {}
    # storageClass: "-"
    # existingClaim:
    accessMode: ReadWriteOnce
    size: 8Gi

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi

## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: false
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 30
  successThreshold: 1


## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

nodeSelector: {}

tolerations: []

affinity: {}

dnsConfig: {}
# Custom dns config for Nextcloud containers.
# You can for example configure ndots. This may be needed in some clusters with alpine images.
# options:
#   - name: ndots
#     value: "1"

## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
  # Without it, we will use the full name of the nextcloud service
  server: ""
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  # Use API token if set, otherwise fall back to password authentication
  # https://github.com/xperimental/nextcloud-exporter#token-authentication
  # Currently you still need to set the token manually in your nextcloud install
  token: ""
  timeout: 5s
  # if set to true, exporter skips certificate verification of Nextcloud server.
  tlsSkipVerify: false
  info:
    # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
    # Enables gathering of apps-related metrics. Defaults to false
    apps: false

  image:
    repository: xperimental/nextcloud-exporter
    tag: 0.6.2
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistrKeySecretName

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}

  # -- Metrics exporter pod Annotation
  podAnnotations: {}

  # -- Metrics exporter pod Labels
  podLabels: {}

  # -- Metrics exporter pod nodeSelector
  nodeSelector: {}

  # -- Metrics exporter pod tolerations
  tolerations: []

  # -- Metrics exporter pod affinity
  affinity: {}

  service:
    type: ClusterIP
    # Use serviceLoadBalancerIP to request a specific static IP,
    # otherwise leave blank
    loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}

  # -- security context for the metrics CONTAINER in the pod
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
    # allowPrivilegeEscalation: false
    # capabilities:
    #   drop:
    #     - ALL

  # -- security context for the metrics POD
  podSecurityContext: {}
  # runAsNonRoot: true
  # seccompProfile:
  #   type: RuntimeDefault

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false

    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""

    ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
    namespaceSelector:

    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""

    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s

    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""

    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}


rbac:
  enabled: false
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
    annotations: {}


## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}