initial commit

This commit is contained in:
allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions

prod/nextcloud/README.md Normal file

@@ -0,0 +1,66 @@
#Installeren:
1. zorg dat mariadb draait
2. kubectl apply -f
#NATS
Neural Autonomic Transport System
| Feature | Role of NATS in Nextcloud |
| -------------------------- | ----------------------------------------- |
| Real-time events | Broadcast file/app events across services |
| Microservice messaging | Decouples internal communication |
| Push notifications | Enables scalable mobile/web push |
| Scaling WebSocket services | Helps distribute WebSocket load |
#SPREED
"Spread" + "Speed"
Spreed started as a standalone WebRTC project, originally developed by the German company struktur AG.
Struktur AG was later acquired by Nextcloud GmbH, and Spreed became tightly integrated with Nextcloud Talk.
| Feature | Role of Spreed |
| -------------------------- | ------------------------------------------------ |
| **Video & voice calls** | Handles WebRTC signaling for 1:1 and group calls |
| **Text chat** | Powers chat rooms, messages, mentions, etc. |
| **Screensharing** | Facilitates screen sharing over WebRTC |
| **TURN/STUN support** | Helps users connect through firewalls/NATs |
| **Signaling server** | Coordinates call setup between users |
| **Multiparty conferences** | Manages group call state and media routing |
The High-performance backend developed by our Partner Struktur AG available in their
GitHub organisation.
The High-performance backend itself consists of multiple modules, the most important ones
being a:
- signaling server and a
- WebRTC media gateway.
Nextcloud Talk comes as an app within Nextcloud, but it needs
- Spreed (the WebRTC backend) and a
- TURN server for video and audio calls. The best practice is to set up Coturn for this.
#TURN server:
This acts as a fallback for peer-to-peer connections if direct connection fails.
A TURN server is used to proxy the traffic from participants behind a firewall.
If individual participants cannot connect to others a TURN server is most likely required
Voor Matrix en Nextcloud gebruiken we coturn. coturn draait in cluster LattePanda en is door traefik exposed op poorten:
- name: turn-udp
containerPort: 3478
protocol: UDP
- name: turn-tcp
containerPort: 3478
protocol: TCP
- name: turns-tcp
containerPort: 5349
protocol: TCP
#STUN server:
This is used to discover the public IP address of a client when it's behind a NAT (e.g., router).
#Handige commando's:
kubectl exec -n nextcloud -it deployment/nextcloud -- cat /var/www/html/config/config.php
#Upgrade:
kubectl exec -it nextcloud-55b6c999bd-pzwxb -n nextcloud -- php /var/www/html/occ upgrade
5-10-2025: upgrade naar 32.0.0
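Review bot: the headings `#Installeren:`, `#NATS`, `#SPREED`, `#TURN server:` and so on have no space after `#`, so Markdown renders them as literal text rather than headings; write `# Installeren:` etc. The upgrade command at the end hardcodes the pod name `nextcloud-55b6c999bd-pzwxb`, which changes on every rollout; use the deployment reference that the `config.php` command above it already uses, `kubectl exec -n nextcloud -it deployment/nextcloud -- php /var/www/html/occ upgrade` (occ refuses to run as a user other than the owner of `config/config.php`, so run it as the web-server user). The coturn port list is raw YAML pasted into prose; put it in a fenced block so indentation survives, and the `openssl s_client` check referenced from the certificate notes needs `</dev/null` or it blocks on stdin.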


@@ -0,0 +1,11 @@
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: prod-nextcloud
title: Nextcloud (prod)
spec:
type: service
lifecycle: production
owner: platform-team
partOf:
- ../catalog-info.yaml
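Review bot: `spec.partOf` with `../catalog-info.yaml` is a relative file path, but Backstage expresses this relation through entity references (`spec.system` or `spec.subcomponentOf` pointing at an entity such as `system:default/<name>`), not paths; as written the relation will not resolve and the field is silently ignored. If the intent is to have the catalog pick up this file, that belongs in the parent `catalog-info.yaml` as a `Location` target, not here.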

prod/nextcloud/logs Executable file

@@ -0,0 +1,25 @@
#!/bin/bash
NAMESPACE="nextcloud"
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <nextcloud|spreed>"
exit 1
fi
APP_NAME=$1
if [[ "$APP_NAME" != "nextcloud" && "$APP_NAME" != "spreed" ]]; then
echo "Error: Invalid argument. Use 'nextcloud' or 'spreed'."
exit 1
fi
POD_NAME=$(microk8s kubectl get pods -n $NAMESPACE -l app=$APP_NAME -o jsonpath='{.items[0].metadata.name}')
if [ -z "$POD_NAME" ]; then
echo "Error: No pod found for app=$APP_NAME in namespace $NAMESPACE"
exit 1
fi
echo "Fetching logs for pod: $POD_NAME"
microk8s kubectl logs -n $NAMESPACE $POD_NAME
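Review bot: `$NAMESPACE`, `$APP_NAME` and `$POD_NAME` are unquoted in both `kubectl` invocations; quote them and add `set -euo pipefail` at the top so a failing `kubectl get` aborts instead of continuing with an empty name. The `jsonpath='{.items[0].metadata.name}'` lookup also picks an arbitrary pod when several match; `microk8s kubectl logs -n "$NAMESPACE" deployment/"$APP_NAME"` removes the lookup entirely, and forwarding the remaining arguments with `"$@"` would let callers pass `-f` or `--since`.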

prod/nextcloud/nats.yaml Normal file

@@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nats
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nats
template:
metadata:
labels:
app: nats
spec:
containers:
- name: nats
image: nats:latest
ports:
- containerPort: 4222
---
apiVersion: v1
kind: Service
metadata:
name: nats
namespace: nextcloud
spec:
selector:
app: nats
ports:
- name: client
port: 4222
targetPort: 4222
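Review bot: `image: nats:latest` is unpinned and the server starts with no `authorization` configuration, so any workload in the cluster that can reach `nats.nextcloud.svc:4222` can publish to and subscribe on the Nextcloud event bus. Pin a version tag, provide a server config with an `authorization` block (credentials from a Secret, not inline), and add `resources`, a `securityContext` and a NetworkPolicy that limits 4222 to the nextcloud and spreed pods.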


@@ -0,0 +1,45 @@
AANMAKEN CERTIFICAAT:
Uitleg:
omdat traefik de TLS interrupt doet moet Nextcloud Traefik vertrouwen.
Er komt immers alleen http verkeer bij Nextcloud binnen.
Verkeer van buiten moet echter wel weten dat het echt met Nextcloud praat.
Daarom werkt het Trafik default certificate ook niet.
Je moet dus een eigen certificaat aanmaken voor nextcloud-prod.allard.dcs.
Dit doe je in mijn geval via cert-manager die op zijn beurt de cert-issuer Letstencrypt gebruikt. In je route geef je dan ipv TLS Letsencrypt de naam van het secret op dat je certificaat bevat. Dus Traefik doet nog steeds de TLS-interrupt,
maar gebruikt daarbij het Nextcloud certificaat i.p.v. het default certificaat.
2.Maak certificaat aan:
kubectl apply -f certificate.yaml
3.Updaten route:
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- match: Host(`nextcloud-prod.allarddcs.nl`)
kind: Rule
services:
- name: nextcloud
port: 80
tls:
secretName: nextcloud-prod.allarddcs.nl
4.herstarten traefik:
kubectl rollout restart deployment traefik -n traefik
5: checken certificaat issuer:
openssl s_client -connect nextcloud-prod.allarddcs.nl:443 -servername nextcloud-prod.allarddcs.nl | openssl x509 -noout -text | grep "Issuer:"
Dit mag nu niet meer TRAEFIK DEFAULT CERTIFICATE zijn.
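Review bot: step 3's IngressRoute sits in `namespace: traefik`, but the Certificate is created in `namespace: nextcloud`, which is where the `nextcloud-prod.allarddcs.nl` secret lands; Traefik resolves `tls.secretName` in the IngressRoute's own namespace, so as written the route falls back to the default certificate, which is exactly the failure step 5 checks for. Either move the IngressRoute to `nextcloud` (as `nextcloud.yaml` in this commit does) or create the Certificate in `traefik`. Smaller points: the numbering starts at 2, the hostname `nextcloud-prod.allard.dcs` in the explanation does not match `nextcloud-prod.allarddcs.nl` used everywhere else, "TLS interrupt" should read TLS termination, and the `openssl s_client` pipeline needs `</dev/null 2>/dev/null` before the pipe or it waits on stdin.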


@@ -0,0 +1,16 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nextcloud-prod.allarddcs.nl
namespace: nextcloud
spec:
dnsNames:
- nextcloud-prod.allarddcs.nl
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: letsencrypt
secretName: nextcloud-prod.allarddcs.nl
usages:
- digital signature
- key encipherment
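Review bot: this Certificate duplicates the second document of `prod/nextcloud/nextcloud.yaml` in this same commit (same name, namespace, issuer and `secretName`); keep a single source so the two definitions cannot drift. The explicit `usages` list is the cert-manager default and can be dropped.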


@@ -0,0 +1 @@
openssl s_client -connect nextcloud-prod.allarddcs.nl:443 -servername nextcloud-prod.allarddcs.nl | openssl x509 -noout -text | grep "Issuer:"
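Review bot: `openssl s_client` reads from stdin, so this one-liner blocks until the terminal sends EOF; add `</dev/null` before the first pipe and `2>/dev/null` to keep handshake output out of the grep. The same command already appears in the README and in the certificate notes; one copy with a comment is enough.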


@@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
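Review bot: a static copy of a certificate that cert-manager issues and renews automatically is stale after the first renewal and has no consumer in the manifests; drop it, or document what reads it.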


@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
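Review bot: a PEM private key is committed in plain text. Treat it as compromised: reissue the certificate, delete the file, purge it from history, and keep key material out of git. cert-manager already generates the key and stores it in the `nextcloud-prod.allarddcs.nl` Secret, so nothing in this commit needs the static copy; if a key ever must live in the repo, use an encrypted form (sealed-secrets or SOPS).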

prod/nextcloud/nextcloud.yaml Executable file

@@ -0,0 +1,258 @@
apiVersion: v1
kind: Namespace
metadata:
name: nextcloud
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nextcloud-prod.allarddcs.nl
namespace: nextcloud
spec:
dnsNames:
- nextcloud-prod.allarddcs.nl
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: letsencrypt
secretName: nextcloud-prod.allarddcs.nl
usages:
- digital signature
- key encipherment
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud # < name of the deploymentand reference
namespace: nextcloud
labels:
app: nextcloud # < label for tagging and reference
spec:
replicas: 1 # < number of pods to deploy
selector:
matchLabels:
app: nextcloud
strategy:
rollingUpdate:
maxSurge: 1 # < The number of pods that can be created above the desired amount of pods during an update
maxUnavailable: 1 # < The number of pods that can be unavailable during the update process
type: RollingUpdate # < New pods are added gradually, and old pods are terminated gradually
template:
metadata:
labels:
app: nextcloud
spec:
containers:
- image: nextcloud
name: nextcloud # < name of container
imagePullPolicy: Always # < always use the latest image when creating container/pod
env: # < environment variables. See https://hub.docker.com/r/linuxserver/nextcloud
- name: PGID
value: "1000" # < group "ubuntu"
- name: PUID
value: "1000" # < user "ubuntu"
- name: MYSQL_HOST
value: mariadb.mariadb.svc.cluster.local
- name: MYSQL_DATABASE
value: "nextcloud"
- name: MYSQL_USER
value: "nextcloud"
- name: MYSQL_PASSWORD
value: "nextcloud"
- name: MYSQL_ROOT_PASSWORD
value: "zabbix"
- name: NEXTCLOUD_HOSTNAME
value: "nextcloud-prod.allarddcs.nl"
- name: TZ
value: Europe/Amsterdam
- name: OVERWRITEPROTOCOL
value: "https"
- name: APACHE_SERVER_NAME
value: "nextcloud-prod.allarddcs.nl"
ports:
- containerPort: 80 # < required network portnumber. See https://hub.docker.com/r/linuxserver/nextcloud
name: http
protocol: TCP
volumeMounts: # < the volume mount in the container. Look at the relation volumelabel->pvc->pv
- name: nfs-nextcloud
mountPath: /var/www/html
subPath: html
- name: nfs-nextcloud
mountPath: /var/www/html/data
subPath: data
- name: nfs-nextcloud
mountPath: /var/www/html/config
subPath: config
- name: nfs-nextcloud
mountPath: /var/www/html/custom_apps
subPath: nextapps
- name: nfs-nextcloud
mountPath: /etc/apache2/apache2.conf
subPath: apache2.conf
volumes:
- name: nfs-nextcloud # < linkname of the volume for the pvc
persistentVolumeClaim:
claimName: nextcloud-pvc # < pvc name we created in the previous yaml
---
kind: Service
apiVersion: v1
metadata:
name: nextcloud # < name of the service
namespace: nextcloud
spec:
selector:
app: nextcloud # < reference to the deployment (connects service with the deployment)
ports:
- name: http
protocol: TCP
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-http
namespace: nextcloud
spec:
entryPoints:
- web
routes:
- match: Host(`nextcloud-prod.allarddcs.nl`)
kind: Rule
services:
- name: nextcloud
port: 80
middlewares:
- name: redirect-to-https
namespace: nextcloud
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-tls
namespace: nextcloud
spec:
entryPoints:
- websecure
routes:
- match: Host(`nextcloud-prod.allarddcs.nl`)
kind: Rule
services:
- name: nextcloud
port: 80
middlewares:
- name: nextcloud-headers
namespace: nextcloud
tls:
secretName: nextcloud-prod.allarddcs.nl
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-well-known
namespace: nextcloud
spec:
entryPoints:
- websecure
routes:
- match: Host(`nextcloud-prod.allarddcs.nl`) && PathPrefix(`/.well-known`)
kind: Rule
middlewares:
- name: nextcloud-well-known-redirect
namespace: nextcloud
services:
- name: nextcloud
port: 80
tls:
secretName: nextcloud-prod.allarddcs.nl
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-talk
namespace: nextcloud
spec:
entryPoints:
- websecure
routes:
- match: Host(`nextcloud-prod.allarddcs.nl`) && PathPrefix(`/nextcloud/apps/spreed`)
kind: Rule
services:
- name: nextcloud
port: 80
middlewares:
- name: nextcloud-headers
namespace: nextcloud
tls:
secretName: nextcloud-prod.allarddcs.nl
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-headers
namespace: nextcloud
spec:
headers:
stsSeconds: 31536000
stsIncludeSubdomains: true
stsPreload: true
customRequestHeaders:
X-Forwarded-Proto: "https"
Connection: "Upgrade"
Upgrade: "websocket"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-https
namespace: nextcloud
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-well-known-redirect
namespace: nextcloud
spec:
redirectRegex:
regex: "https://(.*)/.well-known/(card|cal)dav"
replacement: "https://${1}/remote.php/dav/"
permanent: true
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nextcloud-pv
spec:
storageClassName: ""
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/nextcloud
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-pvc
namespace: nextcloud
spec:
storageClassName: ""
volumeName: nextcloud-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 10Gi
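Review bot: database credentials are hardcoded in the pod spec (`MYSQL_PASSWORD: "nextcloud"`, `MYSQL_ROOT_PASSWORD: "zabbix"`); move them into a Secret and reference them with `valueFrom.secretKeyRef`, and drop `MYSQL_ROOT_PASSWORD`, `PGID` and `PUID` altogether: the image here is the official `nextcloud` image, which does not read them (the comments link to the linuxserver image, a different image with different variables). `image: nextcloud` with `imagePullPolicy: Always` pulls whatever `latest` is at every pod restart, so a routine rollout can silently jump a major version; pin a tag. The `nextcloud-headers` middleware injects `Connection: Upgrade` and `Upgrade: websocket` into every request to the HTTP service, which breaks ordinary requests; upgrade headers come from the client and Traefik passes them through, so keep only `X-Forwarded-Proto` and the HSTS settings. `NEXTCLOUD_HOSTNAME` is not among the official image's documented variables (`NEXTCLOUD_TRUSTED_DOMAINS` and `OVERWRITEHOST` are). The container also runs without `resources` or a `securityContext`, and the same Certificate is defined again in `certificate.yaml`.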


@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: spreed-prod.allarddcs.nl
namespace: nextcloud
spec:
secretName: spreed-prod.allarddcs.nl
issuerRef:
name: letsencrypt
kind: ClusterIssuer
dnsNames:
- spreed-prod.allarddcs.nl
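Review bot: this Certificate is identical to the first document of `prod/nextcloud/spreed.yaml` in this commit; applying both is harmless today but two copies will drift, so keep one.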

prod/nextcloud/spreed.yaml Normal file

@@ -0,0 +1,152 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: spreed-prod.allarddcs.nl
namespace: nextcloud
spec:
secretName: spreed-prod.allarddcs.nl
issuerRef:
name: letsencrypt
kind: ClusterIssuer
dnsNames:
- spreed-prod.allarddcs.nl
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: spreed
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: spreed
template:
metadata:
labels:
app: spreed
spec:
containers:
- name: spreed
image: ghcr.io/strukturag/nextcloud-spreed-signaling:latest
ports:
- containerPort: 3478
- containerPort: 5349
- containerPort: 8443
- containerPort: 8080
volumeMounts:
- mountPath: /var/run
name: spreed-socket
- mountPath: /etc/tls
name: spreed-prod-cert
readOnly: true
- name: spreed-config
mountPath: /config/server.conf # Mount location inside the container
subPath: server.conf # Ensure we only mount the file, not the entire directory
volumes:
- name: spreed-socket
emptyDir: {}
- name: spreed-prod-cert
secret:
secretName: spreed-prod.allarddcs.nl
- name: spreed-config
persistentVolumeClaim:
claimName: spreed-pvc
---
apiVersion: v1
kind: Service
metadata:
name: spreed
namespace: nextcloud
spec:
type: ClusterIP
selector:
app: spreed
ports:
- name: websocket-web
protocol: TCP
port: 8080
targetPort: 8080
- name: websocket
protocol: TCP
port: 8443
targetPort: 8443
- name: stun-port
protocol: TCP
port: 3478
targetPort: 3478
- name: signaling-port
protocol: TCP
port: 5349
targetPort: 5349
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: spreed-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/spreed
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: spreed-pvc
namespace: nextcloud
spec:
storageClassName: ""
volumeName: spreed-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: spreed
namespace: nextcloud
spec:
entryPoints:
- websecure
routes:
- match: Host(`spreed-prod.allarddcs.nl`)
kind: Rule
services:
- name: spreed
port: 8080
middlewares:
- name: websocket-headers
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: websocket-headers
namespace: nextcloud
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
Connection: "Upgrade"
Upgrade: "websocket"
accessControlAllowMethods:
- GET
- OPTIONS
- POST
accessControlAllowHeaders:
- "*"