Initial release

class/defaults.yml

@@ -1,4 +1,61 @@
 parameters:
   nextcloud:
     =_metadata: {}
+
     namespace: syn-nextcloud
+
+    charts:
+      nextcloud:
+        source: https://nextcloud.github.io/helm
+        version: v4.1.0
+
+    admin:
+      user: admin
+      password: changeme
+
+    ingress:
+      host: nextcloud.kube.home
+
+    mail:
+      enabled: false
+      fromAddress: user
+      domain: domain.com
+      smtp:
+        host: domain.com
+        secure: ssl
+        port: 465
+        authtype: LOGIN
+        name: user
+        password: pass
+
+    storage:
+      enabled: true
+      storageClass: null
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      nextcloudData:
+        enabled: true
+        size: 50Gi
+
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
+
+    helmValues:
+      nextcloud:
+        host: ${nextcloud:ingress:host}
+        username: ${nextcloud:admin:user}
+        passowrd: ${nextcloud:admin:password}
+        mail: ${nextcloud:mail}
+      cronjob:
+        enabled: true
+      persistence: ${nextcloud:storage}
+      resources: ${nextcloud:resources}
+      metrics:
+        enabled: false
+        serviceMonitor:
+          enabled: true

class/nextcloud.yml

@@ -1,5 +1,11 @@
 parameters:
   kapitan:
+    dependencies:
+      - type: helm
+        source: ${nextcloud:charts:nextcloud:source}
+        chart_name: nextcloud
+        version: ${nextcloud:charts:nextcloud:version}
+        output_path: ${_base_directory}/helmcharts/nextcloud/${nextcloud:charts:nextcloud:version}/
     compile:
       - input_paths:
           - ${_base_directory}/component/app.jsonnet
@@ -9,3 +15,19 @@ parameters:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet
         output_path: nextcloud/
+      # Helmchart
+      - input_paths:
+          - ${_base_directory}/helmcharts/nextcloud/${nextcloud:charts:nextcloud:version}
+        input_type: helm
+        output_path: nextcloud/10_helmchart
+        helm_values: ${nextcloud:helmValues}
+        helm_params:
+          name: nextcloud
+          namespace: ${nextcloud:namespace}
+          dependency_update: true
+  commodore:
+    postprocess:
+      filters:
+        - type: jsonnet
+          path: nextcloud/10_helmchart/nextcloud/templates
+          filter: postprocess/patch_labels.jsonnet

component/main.jsonnet

@@ -1,10 +1,21 @@
 // main template for nextcloud
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
+local prom = import 'lib/prometheus.libsonnet';
 local inv = kap.inventory();
 // The hiera parameters for the component
 local params = inv.parameters.nextcloud;
+local hasPrometheus = std.member(inv.applications, 'prometheus');
+
+local namespace = kube.Namespace(params.namespace) {
+//   metadata+: {
+//     labels+: {
+//       'pod-security.kubernetes.io/enforce': 'restricted',
+//     },
+//   },
+};
 
 // Define outputs below
 {
+  '00_namespace': if hasPrometheus then prom.RegisterNamespace(namespace) else namespace,
 }

postprocess/patch_labels.jsonnet

@@ -0,0 +1,30 @@
+local com = import 'lib/commodore.libjsonnet';
+local inv = com.inventory();
+// The hiera parameters for the component
+local params = inv.parameters.nextcloud;
+
+local metadataPatch = {
+  metadata+: {
+    labels+: {
+      'app.kubernetes.io/managed-by': 'commodore',
+    },
+  },
+};
+
+local listTemplates = [
+  {
+    name: std.strReplace(name, '.yaml', ''),
+    manifest: com.yaml_load_all(std.extVar('output_path') + '/' + name),
+  }
+  for name in com.list_dir(std.extVar('output_path'), basename=true)
+];
+
+local patchTemplate(manifest) = [
+  content + metadataPatch
+  for content in manifest
+];
+
+{
+  [template.name]: patchTemplate(template.manifest)
+  for template in listTemplates
+}

tests/defaults.yml

@@ -1,3 +1,12 @@
-# Overwrite parameters here
+applications:
+  - prometheus
 
-# parameters: {...}
+parameters:
+  kapitan:
+    dependencies:
+      - type: https
+        source: https://raw.githubusercontent.com/projectsyn/component-prometheus/master/lib/prometheus.libsonnet
+        output_path: vendor/lib/prometheus.libsonnet
+
+  prometheus:
+    defaultInstance: system

tests/golden/defaults/nextcloud/nextcloud/00_namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations: {}
+  labels:
+    monitoring.syn.tools/system: 'true'
+    name: syn-nextcloud
+  name: syn-nextcloud

tests/golden/defaults/nextcloud/nextcloud/10_helmchart/nextcloud/templates/deployment.yaml

@@ -0,0 +1,161 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: nextcloud
+    helm.sh/chart: nextcloud-4.1.0
+  name: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: nextcloud
+      app.kubernetes.io/name: nextcloud
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        nextcloud-config-hash: a5aae02b1b8278a9c8a2dc143e82d3737fc295f62c34afd617207f37d1b2b438
+        php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
+      labels:
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: nextcloud
+        app.kubernetes.io/name: nextcloud
+    spec:
+      containers:
+        - env:
+            - name: SQLITE_DATABASE
+              value: nextcloud
+            - name: NEXTCLOUD_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  key: nextcloud-username
+                  name: nextcloud
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: nextcloud-password
+                  name: nextcloud
+            - name: NEXTCLOUD_TRUSTED_DOMAINS
+              value: nextcloud.kube.home
+            - name: NEXTCLOUD_DATA_DIR
+              value: /var/www/html/data
+          image: nextcloud:27.0.2-apache
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              httpHeaders:
+                - name: Host
+                  value: nextcloud.kube.home
+              path: /status.php
+              port: 80
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: nextcloud
+          ports:
+            - containerPort: 80
+              name: http
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              httpHeaders:
+                - name: Host
+                  value: nextcloud.kube.home
+              path: /status.php
+              port: 80
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 100m
+              memory: 128Mi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          volumeMounts:
+            - mountPath: /var/www/
+              name: nextcloud-main
+              subPath: root
+            - mountPath: /var/www/html
+              name: nextcloud-main
+              subPath: html
+            - mountPath: /var/www/html/data
+              name: nextcloud-data
+              subPath: data
+            - mountPath: /var/www/html/config
+              name: nextcloud-main
+              subPath: config
+            - mountPath: /var/www/html/custom_apps
+              name: nextcloud-main
+              subPath: custom_apps
+            - mountPath: /var/www/tmp
+              name: nextcloud-main
+              subPath: tmp
+            - mountPath: /var/www/html/themes
+              name: nextcloud-main
+              subPath: themes
+        - command:
+            - /cron.sh
+          env:
+            - name: SQLITE_DATABASE
+              value: nextcloud
+            - name: NEXTCLOUD_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  key: nextcloud-username
+                  name: nextcloud
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: nextcloud-password
+                  name: nextcloud
+            - name: NEXTCLOUD_TRUSTED_DOMAINS
+              value: nextcloud.kube.home
+            - name: NEXTCLOUD_DATA_DIR
+              value: /var/www/html/data
+          image: nextcloud:27.0.2-apache
+          imagePullPolicy: IfNotPresent
+          name: nextcloud-cron
+          resources: {}
+          volumeMounts:
+            - mountPath: /var/www/
+              name: nextcloud-main
+              subPath: root
+            - mountPath: /var/www/html
+              name: nextcloud-main
+              subPath: html
+            - mountPath: /var/www/html/data
+              name: nextcloud-data
+              subPath: data
+            - mountPath: /var/www/html/config
+              name: nextcloud-main
+              subPath: config
+            - mountPath: /var/www/html/custom_apps
+              name: nextcloud-main
+              subPath: custom_apps
+            - mountPath: /var/www/tmp
+              name: nextcloud-main
+              subPath: tmp
+            - mountPath: /var/www/html/themes
+              name: nextcloud-main
+              subPath: themes
+      securityContext:
+        fsGroup: 33
+      volumes:
+        - name: nextcloud-main
+          persistentVolumeClaim:
+            claimName: nextcloud-nextcloud
+        - name: nextcloud-data
+          persistentVolumeClaim:
+            claimName: nextcloud-nextcloud-data

tests/golden/defaults/nextcloud/nextcloud/10_helmchart/nextcloud/templates/nextcloud-data-pvc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: nextcloud
+    helm.sh/chart: nextcloud-4.1.0
+  name: nextcloud-nextcloud-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi

tests/golden/defaults/nextcloud/nextcloud/10_helmchart/nextcloud/templates/nextcloud-pvc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: nextcloud
+    helm.sh/chart: nextcloud-4.1.0
+  name: nextcloud-nextcloud
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

tests/golden/defaults/nextcloud/nextcloud/10_helmchart/nextcloud/templates/secrets.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+  nextcloud-password: Y2hhbmdlbWU=
+  nextcloud-token: aVFOQnhpVFQzdg==
+  nextcloud-username: YWRtaW4=
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: nextcloud
+    helm.sh/chart: nextcloud-4.1.0
+  name: nextcloud
+type: Opaque