diff --git a/nextcloud/restore/app.yml b/nextcloud/restore/app.yml
new file mode 100644
index 0000000000000000000000000000000000000000..18d4540f54a12ec5ddc871e8260a2d96db6e95ec
--- /dev/null
+++ b/nextcloud/restore/app.yml
@@ -0,0 +1,290 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ name: ${FQDN}-app
+ namespace: ${NS}
+spec:
+ ports:
+ - name: api
+ port: 9000
+ protocol: TCP
+ targetPort: api
+ selector:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ name: ${FQDN}-web
+ namespace: ${NS}
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 100g
+ nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+ labels:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ name: ${FQDN}-web
+ namespace: ${NS}
+spec:
+ rules:
+ - host: ${FQDN_DOTS}
+ http:
+ paths:
+ - backend:
+ serviceName: ${FQDN}-web
+ servicePort: http
+ path: /
+ tls:
+ - hosts:
+ - ${FQDN_DOTS}
+ secretName: ${FQDN}-tls
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ name: ${FQDN}-app
+ namespace: ${NS}
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 2
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 20
+ preference:
+ matchExpressions:
+ - key: stateless
+ operator: In
+ values:
+ - "true"
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - ${FQDN}
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - app
+ containers:
+ - command:
+ - php-fpm
+ env:
+#cat ./version.php | grep 'array(' | cut -d\( -f2 | cut -d\) -f1 | sed 's/,/\./g'
+ - name: VERSION
+ value: ${NC_VERSION}
+ - name: INSTALLED
+ value: "true"
+ - name: OBJECTSTORE_S3_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: ${FQDN}-s3
+ - name: OBJECTSTORE_S3_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: ${FQDN}-s3
+ - name: MAIL_FROM_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: mail_from_address
+ name: ${NS}-smtp
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: ${NS}-smtp
+ - name: SMTP_NAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: ${NS}-smtp
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: nextcloud.pg-${PG_DOMAIN}.credentials
+ envFrom:
+ - secretRef:
+ name: ${FQDN}-app
+ image: libresh/nextcloud:${NC_IMAGE_TAG}
+ imagePullPolicy: Always
+ name: app
+ livenessProbe:
+ exec:
+ command:
+ - /php-fpm-healthcheck
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ readinessProbe:
+ exec:
+ command:
+ - /php-fpm-healthcheck
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ ports:
+ - containerPort: 9000
+ name: api
+ protocol: TCP
+ resources:
+ requests:
+ memory: "80Mi"
+ limits:
+ memory: "400Mi"
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext:
+ fsGroup: 82
+ runAsGroup: 82
+ runAsUser: 82
+ terminationGracePeriodSeconds: 30
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ name: ${FQDN}-web
+ namespace: ${NS}
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 2
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: web
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: Nextcloud
+ spec:
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - ${FQDN}
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - app
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - ${FQDN}
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - web
+ containers:
+ - image: libresh/nextcloud:${NC_WEB_IMAGE_TAG}
+ imagePullPolicy: Always
+ name: web
+ ports:
+ - containerPort: 80
+ name: http
+ protocol: TCP
+ env:
+ - name: BACKEND_HOST
+ value: ${FQDN}-app
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
diff --git a/nextcloud/restore/pg.yml b/nextcloud/restore/pg.yml
new file mode 100644
index 0000000000000000000000000000000000000000..eef2a280a98d28e37c32dab207cf1b0c0b708b76
--- /dev/null
+++ b/nextcloud/restore/pg.yml
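Review bot: The web Deployment at the end of app.yml is left with `securityContext: {}` and `resources: {}`, so the container that sits behind the Ingress runs as whatever user the web image defaults to and has no memory bound, while the app Deployment in the same file sets `runAsUser: 82` and a `400Mi` limit. Since the Ingress allows `proxy-body-size: 100g` with request buffering off, this is the pod most exposed to large or slow uploads, and it should get a memory request and limit like the app container's plus a container-level `securityContext` with `allowPrivilegeEscalation: false`. Whether it can also run as a non-root user depends on the image, because it listens on port 80; that needs checking against the image rather than assuming. Both images are referenced by a mutable tag with `imagePullPolicy: Always`, so pinning `${NC_IMAGE_TAG}` and `${NC_WEB_IMAGE_TAG}` to a digest would make a restore pull the same bits that were backed up against.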
@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: zalando-postgres
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: zalando-postgres
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: zalando-postgres
+subjects:
+- kind: ServiceAccount
+ name: zalando-postgres
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-pod-config
+data:
+ AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
+ AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
+ AWS_S3_FORCE_PATH_STYLE: "true"
+ WAL_S3_BUCKET: ${NS}-dumps
+ AWS_ENDPOINT: ${S3_ENDPOINT_COLD}
+ WAL_S3_ENDPOINT: ${S3_ENDPOINT_COLD}
+ AWS_REGION: default
+ USE_WALE: "true"
+ USE_WALG_BACKUP: "true"
+ WALG_DISABLE_S3_SSE: "true"
+ BACKUP_SCHEDULE: "5 0 * * *"
+---
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: pg-${PG_DOMAIN}
+spec:
+ clone:
+#https://postgres-operator.readthedocs.io/en/latest/user/#how-to-clone-an-existing-postgresql-cluster
+ uid: ""
+ cluster: ""
+ timestamp: "2022-01-19T12:00:00+00:00"
+ s3_endpoint: https://cold.minio.liiib.re
+ s3_access_key_id:
+ s3_secret_access_key:
+ s3_force_path_style: true
+ resources:
+ limits:
+ cpu: "2"
+ memory: 1000Mi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ teamId: "pg"
+ volume:
+ size: 4975Mi
+ storageClass: small
+ numberOfInstances: 2
+ users:
+ nextcloud: # database owner
+ - superuser
+ - createdb
+ databases:
+ nextcloud: nextcloud # dbname: owner
+ postgresql:
+ version: "12"
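Review bot: The `postgres-pod-config` ConfigMap carries `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so once the template is rendered the S3 backup credentials sit in an object that any subject allowed to read ConfigMaps in the namespace can see, outside the tighter RBAC and at-rest encryption usually reserved for Secrets. Those two keys belong in a `kind: Secret` (the Zalando operator has a `pod_environment_secret` setting alongside the ConfigMap one, to be confirmed against the deployed operator version), leaving only the non-sensitive WAL settings here. The empty `s3_access_key_id:` and `s3_secret_access_key:` under `clone` look like they are meant to be filled in by hand, which invites committing live keys; a comment such as `# inject at apply time, never commit` would make the intent explicit. The `nextcloud` role is granted `superuser` and `createdb` and appears to be the same login the app uses through `DB_PASSWORD` in app.yml, so a compromise of the application would carry full control of the Postgres cluster; dropping `superuser` once the restore has completed is worth considering. `WALG_DISABLE_S3_SSE: "true"` also means base backups and WAL are written without server-side encryption, which deserves a comment explaining why if the endpoint cannot support it.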