nextcloud
diff --git a/‎.github/workflows/lint-test.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/lint-test.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎charts/nextcloud/CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎charts/nextcloud/CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎charts/nextcloud/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/nextcloud/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/nextcloud/README.md‎
Lines changed: 33 additions & 0 deletions b/‎charts/nextcloud/README.md‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎charts/nextcloud/files/notify_push.sh.tpl‎
Lines changed: 8 additions & 0 deletions b/‎charts/nextcloud/files/notify_push.sh.tpl‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎charts/nextcloud/templates/_helpers.tpl‎
Lines changed: 74 additions & 47 deletions b/‎charts/nextcloud/templates/_helpers.tpl‎
Lines changed: 74 additions & 47 deletions
diff --git a/‎charts/nextcloud/templates/db-secret.yaml‎
Lines changed: 12 additions & 6 deletions b/‎charts/nextcloud/templates/db-secret.yaml‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎charts/nextcloud/templates/deployment.yaml‎
Lines changed: 20 additions & 20 deletions b/‎charts/nextcloud/templates/deployment.yaml‎
Lines changed: 20 additions & 20 deletions
diff --git a/‎charts/nextcloud/templates/ingress.yaml‎
Lines changed: 9 additions & 0 deletions b/‎charts/nextcloud/templates/ingress.yaml‎
Lines changed: 9 additions & 0 deletions
@@ -83,6 +83,10 @@ jobs:
           - name: Horizontal Pod Autoscaling Enabled
             helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/hpa.yaml"'
 
+          # test the helm chart with notify push enabled
+          - name: Notify Push Enabled
+            helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/notify_push.yaml"'
+
           # test the helm chart with s3 as the primary storage
           - name: S3 Enabled as Primary Storage
             # we need to skip the clean up so we can test adding a file
 
@@ -4,6 +4,9 @@ This Helm-Chart increase there major version on every breaking change (or major
 
 Here we list all major versions and their breaking changes for migration.
 
+## v9
+- move `metrics.serviceMonitor` to `prometheus.serviceMonitor`: It us used for nextcloud-exporter and notify-push
+
 ## v8
 - `cronjob.command` was renamed to `cronjob.sidecar.command` to avoid confusion with the cronjob command. Please update your `values.yaml` accordingly.
 
 
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 8.5.1
+version: 9.2.0
 # renovate: image=docker.io/library/nextcloud
 appVersion: 32.0.1
 description: A file sharing server that puts the control and security of your own data back into your hands.
 
@@ -29,6 +29,7 @@ helm install my-release nextcloud/nextcloud
     * [Headers set on NGINX](#headers-set-on-nginx)
     * [Probes Configurations](#probes-configurations)
     * [Collabora Configuration](#collabora-configuration)
+    * [Notify Push](#notify-push)
     * [Imaginary](#imaginary)
 * [Cron jobs](#cron-jobs)
 * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
@@ -529,6 +530,38 @@ The nextcloud deployment includes a series of different probes you can use to de
 > [!Note]
 > If you are getting errors on initialization (such as `Fatal error: require_once(): Failed opening required '/var/www/html/lib/versioncheck.php'`, but you can get other errors as well), a good first step is to try and enable the startupProbe and/or increase the `initialDelaySeconds` for the `livenessProbe` and `readinessProbe` to something much greater (consider using `120` seconds instead of `10`. This is an especially good idea if your cluster is running on older hardware, has a slow internet connection, or you're using a slower storage class, such as NFS that's running with older disks or a slow connection.
 
+### Notify Push
+
+We include an optional Client Push [nextcloud/notify_push](https://github.com/nextcloud/notify_push).
+
+
+| Parameter                              | Description                                                                      | Default                |
+|----------------------------------------|----------------------------------------------------------------------------------|------------------------|
+| `notifyPush.enabled`                   | Enable another deployment to handle notify_push (sometimes called ClientPush)    | `false`                |
+| `notifyPush.autoSetup`                 | Setup notify_push on nextcloud per docker-entrypoint-hooks before start          | `false`                |
+| `notifyPush.replicaCount`              | Number of notify-push pod replicas to deploy                                     | `1`                    |
+| `notifyPush.image.registry`            | notify-push image registry                                                       | `docker.io`            |
+| `notifyPush.image.repository`          | notify-push image name                                                           | `miles170/notify_push` |
+| `notifyPush.image.tag`                 | notify-push image tag                                                            | `v0.7.0`               |
+| `notifyPush.image.pullPolicy`          | notify-push image pull policy                                                    | `IfNotPresent`         |
+| `notifyPush.image.pullSecrets`         | notify-push image pull secrets                                                   | `[]`                   |
+| `notifyPush.extraEnv`                  | option additional env (if a external redis is used, you need to set REDIS_URL)   | `""`                   |
+| `notifyPush.podAnnotations`            | Additional annotations for notify-push pods                                      | `{}`                   |
+| `notifyPush.podLabels`                 | Additional labels for notify-push pods                                           | `{}`                   |
+| `notifyPush.podSecurityContext`        | Optional security context for the notify-push pod                                | `nil`                  |
+| `notifyPush.securityContext`           | Optional security context for the notify-push container                          | `nil`                  |
+| `notifyPush.resources`                 | notify-push resources                                                            | `{}`                   |
+| `notifyPush.service.type`              | notify-push: Kubernetes Service type                                             | `ClusterIP`            |
+| `notifyPush.service.loadBalancerIP`    | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `nil`                  |
+| `notifyPush.service.nodePort`          | notify-push: NodePort for service type NodePort                                  | `nil`                  |
+| `notifyPush.service.annotations`       | Additional annotations for service notify-push                                   | `{}`                   |
+| `notifyPush.service.labels`            | Additional labels for service notify-push                                        | `{}`                   |
+| `notifyPush.ingress.path`              | Add path in default ingress to notify_push service                               | `/push`                |
+| `notifyPush.ingress.pathType`          | PathType for additional path in default ingress for notify-push path             | `Prefix`               |
+
+> [!Note]
+> notify-push needs an redis (`redis.enabled=true` or `notifyPush.extraEnv=[{name:"REDIS_URL",...}]` )
+
 ### Collabora Configuration
 
 This section provides options to enable and configure the Collabora Online server within your deployment. Please ensure to review the [Collabora Online Helm chart documentation](https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online) for additional details and recommended values.
 
@@ -0,0 +1,8 @@
+#!/bin/sh
+/var/www/html/occ app:enable notify_push
+/var/www/html/occ config:app:set notify_push base_endpoint --value="http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}"
+{{/*
+The command "setup" runs a check, which need a running nextcloud (but we try to configurate it during startup).
+So that command always failure and we stuck in bootloop.
+/var/www/html/occ notify_push:setup "http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}"
+*/}}
@@ -64,11 +64,7 @@ Create image name that is used in the deployment
 {{/*
 Create environment variables used to configure the nextcloud container as well as the cron sidecar container.
 */}}
-{{- define "nextcloud.env" -}}
-{{- if .Values.phpClientHttpsFix.enabled }}
-- name: OVERWRITEPROTOCOL
-  value: {{ .Values.phpClientHttpsFix.protocol | quote }}
-{{- end }}
+{{- define "nextcloud.env.database" -}}
 {{- if .Values.internalDatabase.enabled }}
 - name: SQLITE_DATABASE
   value: {{ .Values.internalDatabase.name | quote }}
@@ -87,6 +83,8 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
+- name: DATABASE_URL
+  value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)"
 {{- else if .Values.postgresql.enabled }}
 - name: POSTGRES_HOST
   value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
@@ -106,7 +104,9 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-{{- else }}
+- name: DATABASE_URL
+  value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)"
+{{- else }}{{/* mariadb.enable or postgresql.enabled -> now external */}}
   {{- if eq .Values.externalDatabase.type "postgresql" }}
 - name: POSTGRES_HOST
   {{- if .Values.externalDatabase.existingSecret.hostKey }}
@@ -136,7 +136,9 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-  {{- else }}
+- name: DATABASE_URL
+  value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)"
+  {{- else }}{{/* external.type = postgresql  */}}
 - name: MYSQL_HOST
   {{- if .Values.externalDatabase.existingSecret.hostKey }}
   valueFrom:
@@ -165,8 +167,72 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-  {{- end }}
+- name: DATABASE_URL
+  value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)"
+  {{- end }}{{/* external.type = postgresql */}}
+{{- end }}{{/* not mariadb.enable or postgresql.enabled -> just external*/}}
+{{- end }}
+
+{{/*
+Redis env vars
+*/}}
+{{- define "nextcloud.env.redis" -}}
+{{- if .Values.redis.enabled }}
+- name: REDIS_HOST
+  value: {{ template "nextcloud.redis.fullname" . }}-master
+- name: REDIS_HOST_PORT
+  value: {{ .Values.redis.master.service.ports.redis | quote }}
+{{- if .Values.redis.auth.enabled }}
+{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
+- name: REDIS_HOST_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.redis.auth.existingSecret }}
+      key: {{ .Values.redis.auth.existingSecretPasswordKey }}
+{{- else }}
+- name: REDIS_HOST_PASSWORD
+  value: {{ .Values.redis.auth.password }}
+{{- end }}
+{{- end }}
+{{- else if .Values.externalRedis.enabled }}
+- name: REDIS_HOST
+  value: {{ .Values.externalRedis.host | quote }}
+- name: REDIS_HOST_PORT
+  value: {{ .Values.externalRedis.port | quote }}
+{{- if .Values.externalRedis.existingSecret.enabled }}
+{{- if and .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey }}
+- name: REDIS_HOST_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.externalRedis.existingSecret.secretName | quote }}
+      key: {{ .Values.externalRedis.existingSecret.passwordKey | quote }}
+{{- end }}
+{{- else if .Values.externalRedis.password }}
+- name: REDIS_HOST_PASSWORD
+  value: {{ .Values.externalRedis.password | quote }}
 {{- end }}
+{{- end }}{{/* end-of redis-enabled*/}}
+{{- if or
+  (and .Values.redis.auth.enabled .Values.redis.auth.password)
+  (and .Values.redis.auth.enabled .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey)
+  (and .Values.externalRedis.enabled .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey)
+  (and .Values.externalRedis.enabled .Values.externalRedis.password)
+}}
+- name: REDIS_URL
+  value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST):$(REDIS_HOST_PORT)"
+{{- else }}
+- name: REDIS_URL
+  value: "redis://$(REDIS_HOST):$(REDIS_HOST_PORT)"
+{{- end }}{{/* end-of redis-url*/}}
+{{- end }}{{/* end-of env.redis definition */}}
+
+{{- define "nextcloud.env" -}}
+{{- if .Values.phpClientHttpsFix.enabled }}
+- name: OVERWRITEPROTOCOL
+  value: {{ .Values.phpClientHttpsFix.protocol | quote }}
+{{- end }}
+{{- template "nextcloud.env.database" . }}
+{{- template "nextcloud.env.redis" . }}
 - name: NEXTCLOUD_ADMIN_USER
   valueFrom:
     secretKeyRef:
@@ -217,44 +283,6 @@ Create environment variables used to configure the nextcloud container as well a
       key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey }}
 {{- end }}
 {{/*
-Redis env vars
-*/}}
-{{- if .Values.redis.enabled }}
-- name: REDIS_HOST
-  value: {{ template "nextcloud.redis.fullname" . }}-master
-- name: REDIS_HOST_PORT
-  value: {{ .Values.redis.master.service.ports.redis | quote }}
-{{- if .Values.redis.auth.enabled }}
-{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
-- name: REDIS_HOST_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.redis.auth.existingSecret }}
-      key: {{ .Values.redis.auth.existingSecretPasswordKey }}
-{{- else }}
-- name: REDIS_HOST_PASSWORD
-  value: {{ .Values.redis.auth.password }}
-{{- end }}
-{{- end }}
-{{- else if .Values.externalRedis.enabled }}
-- name: REDIS_HOST
-  value: {{ .Values.externalRedis.host | quote }}
-- name: REDIS_HOST_PORT
-  value: {{ .Values.externalRedis.port | quote }}
-{{- if .Values.externalRedis.existingSecret.enabled }}
-{{- if and .Values.externalRedis.existingSecret.secretName .Values.externalRedis.existingSecret.passwordKey }}
-- name: REDIS_HOST_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.externalRedis.existingSecret.secretName | quote }}
-      key: {{ .Values.externalRedis.existingSecret.passwordKey | quote }}
-{{- end }}
-{{- else if .Values.externalRedis.password }}
-- name: REDIS_HOST_PASSWORD
-  value: {{ .Values.externalRedis.password | quote }}
-{{- end }}
-{{- end }}{{/* end if redis.enabled */}}
-{{/*
 S3 as primary object store env vars
 */}}
 {{- if .Values.nextcloud.objectStore.s3.enabled }}
@@ -359,7 +387,6 @@ Swift as primary object store env vars
 {{- end }}
 {{- end -}}
 
-
 {{/*
 Create volume mounts for the nextcloud container as well as the cron sidecar container.
 */}}
 
@@ -10,14 +10,20 @@ metadata:
 type: Opaque
 data:
   {{- if .Values.mariadb.enabled }}
-  db-username: {{ .Values.mariadb.auth.username | b64enc | quote }}
-  db-password: {{ .Values.mariadb.auth.password | b64enc | quote }}
+  {{- with .Values.mariadb.auth }}
+  db-username: {{ .username | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- else if .Values.postgresql.enabled }}
-  db-username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }}
-  db-password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }}
+  {{- with .Values.postgresql.global.postgresql.auth }}
+  db-username: {{ .username | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- else }}
-  db-username: {{ .Values.externalDatabase.user | b64enc | quote }}
-  db-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+  {{- with .Values.externalDatabase }}
+  db-username: {{ .user | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- end }}
 {{- end }}
 {{- end }}
@@ -77,6 +77,12 @@ spec:
           {{- end }}
           volumeMounts:
             {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }}
+            {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }}
+            - name: nextcloud-notify-hooks
+              mountPath: /docker-entrypoint-hooks.d/before-starting/notify_push.sh
+              subPath: notify_push.sh
+              readOnly: true
+            {{- end }}
             {{- range $hook, $shell := .Values.nextcloud.hooks }}
             {{- if $shell }}
             - name: nextcloud-hooks
@@ -288,45 +294,30 @@ spec:
         {{- end }}
         {{- if .Values.mariadb.enabled }}
         - name: mariadb-isalive
-          image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
+          image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
           {{- with .Values.nextcloud.mariaDbInitContainer }}
           resources:
             {{- toYaml .resources | nindent 12 }}
           securityContext:
             {{- toYaml .securityContext | nindent 12 }}
           {{- end }}
           env:
-            - name: MYSQL_USER
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
-            - name: MYSQL_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
+            {{- include "nextcloud.env.database" . | nindent 12 }} 
           command:
             - "sh"
             - "-c"
-            - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }}
+            - {{ printf "until mysql --host=${MYSQL_HOST} --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" }}
         {{- else if .Values.postgresql.enabled }}
         - name: postgresql-isready
-          image: {{ .Values.postgresql.image.registry | default "docker.io"  }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
+          image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
           {{- with .Values.nextcloud.postgreSqlInitContainer }}
           resources:
             {{- toYaml .resources | nindent 12 }}
           securityContext:
             {{- toYaml .securityContext | nindent 12 }}
           {{- end }}
           env:
-            - name: POSTGRES_USER
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
-            - name: POSTGRES_HOST
-              value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
+            {{- include "nextcloud.env.database" . | nindent 12 }} 
           command:
             - "sh"
             - "-c"
@@ -373,6 +364,15 @@ spec:
           configMap:
             name: {{ template "nextcloud.fullname" . }}-nginxconfig
         {{- end }}
+        {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }}
+        - name: nextcloud-notify-hooks
+          configMap:
+            name: {{ template "nextcloud.fullname" . }}-notify-push
+            defaultMode: 0o755
+            items:
+              - key: hook.sh
+                path: notify_push.sh
+        {{- end }}
         {{- if not (values .Values.nextcloud.hooks | compact | empty) }}
         - name: nextcloud-hooks
           configMap:
 
@@ -35,6 +35,15 @@ spec:
               serviceName: {{ template "nextcloud.fullname" . }}
               servicePort: {{ .Values.service.port }}
               {{- end }}
+          {{- if .Values.notifyPush.enabled }}
+          - path: {{ .Values.notifyPush.ingress.path }}
+            pathType: {{ .Values.notifyPush.ingress.pathType }}
+            backend:
+              service:
+                name: {{ template "nextcloud.fullname" . }}-notify-push
+                port:
+                  name: http
+          {{- end }}
   {{- with .Values.ingress.tls }}
   tls:
     {{- toYaml . | nindent 4 }}