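# Nextcloud on k3s: namespace, configuration, credentials, RBAC, local
# storage, the Deployment itself, and a Traefik IngressRoute in front of it.
---
apiVersion: v1
kind: Namespace
metadata:
  name: nextcloud
---
# Non-secret settings, consumed by the Deployment through configMapKeyRef.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-config
  namespace: nextcloud
data:
  server.trusteddomains: "nextcloud.apps.mngoma.lab"
  database.createdbuser: "false"
  # The database is addressed by IP and is not defined in this manifest.
  database.host: "192.168.1.137"
  database.name: "nextcloud"
---
# NOTE(review): values under `data` are base64-encoded, not encrypted. Anyone
# who can read this file can recover the Nextcloud admin and database
# credentials, and at least one of them decodes to a short, guessable value.
# Treat all four as exposed: rotate them, and create this Secret from a source
# kept outside version control instead of committing it with the manifest.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-secret
  namespace: nextcloud
type: Opaque
data:
  root.username: a2h3ZXpp
  root.password: QmxhY2tzdGFyMkBob21l
  database.username: YXBwX3VzZXI=
  database.password: MTIzNDU=
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nextcloud-sa
  namespace: nextcloud
---
# NOTE(review): this Role gives the workload's ServiceAccount full read/write
# on secrets, configmaps, pods, services, endpoints and PVCs in the namespace.
# Nothing in this manifest shows Nextcloud calling the Kubernetes API. If it
# does not, delete the Role and RoleBinding; if it does, cut the rule down to
# the exact resources and verbs used. As written, a compromise of the web
# application yields every Secret in the namespace and the ability to create
# pods in it.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nextcloud-role
  namespace: nextcloud
rules:
  - apiGroups: [""]
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - configmaps
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nextcloud-rolebinding
  namespace: nextcloud
subjects:
  - kind: ServiceAccount
    name: nextcloud-sa
    # Stated explicitly so the bound identity does not depend on the
    # namespace being defaulted from the binding.
    namespace: nextcloud
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nextcloud-role
---
# Node-local storage: the data directory lives on the filesystem of the node
# named `lead`, and the pod can only be scheduled there.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-pv
  labels:
    type: local
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  local:
    path: /home/ansible/k3s/makhiwane/nextcloud
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead
  # Retain keeps the directory (and user files) after the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-pvc
  namespace: nextcloud
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  resources:
    requests:
      storage: 20Gi
---
# NOTE(review): the pod runs under nextcloud-sa and does not set
# automountServiceAccountToken, so the API token for the Role above is mounted
# into the web container by default. If the application does not use the
# Kubernetes API, set `automountServiceAccountToken: false` in the pod spec.
# No securityContext or resource requests/limits are set either; check what
# the stock image needs before tightening those.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      serviceAccountName: nextcloud-sa
      containers:
        - name: nextcloud
          image: nextcloud:27.1.7
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
          env:
            # Credentials are injected as environment variables, so they are
            # visible to every process in the container.
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secret
                  key: root.username
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secret
                  key: root.password
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              valueFrom:
                configMapKeyRef:
                  name: nextcloud-config
                  key: server.trusteddomains
            - name: POSTGRES_HOST
              valueFrom:
                configMapKeyRef:
                  name: nextcloud-config
                  key: database.host
            - name: POSTGRES_DB
              valueFrom:
                configMapKeyRef:
                  name: nextcloud-config
                  key: database.name
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secret
                  key: database.username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secret
                  key: database.password
            - name: NC_SETUP_CREATE_DB_USER
              valueFrom:
                configMapKeyRef:
                  name: nextcloud-config
                  key: database.createdbuser
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  type: ClusterIP
  selector:
    app: nextcloud
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Traffic is accepted on the `websecure` entry point and forwarded to the
# Service over plain HTTP on port 80, so the hop from Traefik to the pod is
# unencrypted. NOTE(review): the empty `tls` block names no secret or
# resolver, so the certificate presumably comes from Traefik's default
# configuration - confirm that this is intended.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud-web
  namespace: nextcloud
spec:
  entryPoints:
    - websecure
  routes:
    - match: 'Host(`nextcloud.apps.mngoma.lab`)'
      kind: Rule
      services:
        - name: nextcloud
          port: 80
          scheme: http
  tls: {}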