From 8b690d1a3571824855929954463265e03fe7031a Mon Sep 17 00:00:00 2001 From: Hugo Renard Date: Tue, 10 May 2022 11:54:25 +0200 Subject: [PATCH 1/3] merge nc pods + add healthcheck --- nextcloud/manifests/app.yml | 178 +++++++++--------------------------- 1 file changed, 43 insertions(+), 135 deletions(-) diff --git a/nextcloud/manifests/app.yml b/nextcloud/manifests/app.yml index b0791d1..d6b3d33 100644 --- a/nextcloud/manifests/app.yml +++ b/nextcloud/manifests/app.yml @@ -9,29 +9,6 @@ metadata: app.kubernetes.io/part-of: Nextcloud name: ${FQDN}-app namespace: ${NS} -spec: - ports: - - name: api - port: 9000 - protocol: TCP - targetPort: api - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: ${FQDN} - app.kubernetes.io/name: nextcloud - app.kubernetes.io/part-of: Nextcloud - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: web - app.kubernetes.io/instance: ${FQDN} - app.kubernetes.io/name: nextcloud - app.kubernetes.io/part-of: Nextcloud - name: ${FQDN}-web - namespace: ${NS} spec: ports: - name: http @@ -39,11 +16,10 @@ spec: protocol: TCP targetPort: http selector: - app.kubernetes.io/component: web + app.kubernetes.io/component: app app.kubernetes.io/instance: ${FQDN} app.kubernetes.io/name: nextcloud app.kubernetes.io/part-of: Nextcloud - sessionAffinity: None type: ClusterIP --- apiVersion: extensions/v1beta1 @@ -66,7 +42,7 @@ spec: http: paths: - backend: - serviceName: ${FQDN}-web + serviceName: ${FQDN}-app servicePort: http path: / tls: 
@@ -117,20 +93,36 @@ spec: operator: In values: - "true" - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - ${FQDN} - - key: app.kubernetes.io/component - operator: In - values: - - app containers: + - image: libresh/nextcloud:${NC_WEB_IMAGE_TAG} + imagePullPolicy: Always + name: web + ports: + - containerPort: 80 + name: http + protocol: TCP + env: + - name: BACKEND_HOST + value: localhost + livenessProbe: + httpGet: + path: /heartbeat + port: 80 + httpHeaders: + - name: Host + value: localhost + readinessProbe: + httpGet: + path: /heartbeat + port: 80 + httpHeaders: + - name: Host + value: localhost + resources: + requests: + memory: "80Mi" + limits: + memory: "400Mi" - command: ["/bin/sh"] args: - -c @@ -180,17 +172,19 @@ spec: imagePullPolicy: Always name: app livenessProbe: - exec: - command: - - /php-fpm-healthcheck - initialDelaySeconds: 10 - periodSeconds: 60 + httpGet: + path: /heartbeat + port: 80 + httpHeaders: + - name: Host + value: localhost readinessProbe: - exec: - command: - - /php-fpm-healthcheck - initialDelaySeconds: 10 - periodSeconds: 60 + httpGet: + path: /heartbeat + port: 80 + httpHeaders: + - name: Host + value: localhost ports: - containerPort: 9000 name: api 
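Review bot: The `web` container added in the `@@ -117,20 +93,36 @@` hunk has no container-level `securityContext`, and this same patch deletes the pod-level one (`fsGroup`, `runAsUser` and `runAsGroup: 82`) in the `@@ -205,92 +199,6 @@` hunk, so after this commit both containers run as whatever user their image defaults to. The second patch in the series pins only `app` to uid 82, leaving `web` unconstrained. I would add `securityContext:` with `allowPrivilegeEscalation: false` to `web`, plus `runAsNonRoot: true` if the image can bind port 80 without root (not visible here). The hunk also removes the required `podAntiAffinity`, so replicas of one instance may now be scheduled onto the same node; a comment saying this is intended would help.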
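Review bot: In the `@@ -180,17 +172,19 @@` hunk the `app` container's liveness and readiness probes now send `httpGet` to port 80, but `app` declares only `containerPort: 9000`; port 80 is served by the `web` container that shares the pod network. The kubelet therefore restarts php-fpm according to whether `web` answers `/heartbeat`, and unless that path is proxied to php-fpm (the diff does not show it) a dead php-fpm goes unnoticed while a web-side fault restarts a healthy `app`. The hunk also drops `initialDelaySeconds: 10` and `periodSeconds: 60`, so the defaults apply (no initial delay, 10 s period) and a slow start can be killed by the liveness probe. The third patch restores the exec readiness probe but leaves liveness unchanged; I would keep `/php-fpm-healthcheck` for the `app` liveness probe too, with `initialDelaySeconds: 10`, and leave the HTTP probe on `web` only. The container spec continues outside the hunk.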
@@ -205,92 +199,6 @@ spec: dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler - securityContext: - fsGroup: 82 - runAsGroup: 82 - runAsUser: 82 - terminationGracePeriodSeconds: 30 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: web - app.kubernetes.io/instance: ${FQDN} - app.kubernetes.io/name: nextcloud - app.kubernetes.io/part-of: Nextcloud - name: ${FQDN}-web - namespace: ${NS} -spec: - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: web - app.kubernetes.io/instance: ${FQDN} - app.kubernetes.io/name: nextcloud - app.kubernetes.io/part-of: Nextcloud - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: web - app.kubernetes.io/instance: ${FQDN} - app.kubernetes.io/name: nextcloud - app.kubernetes.io/part-of: Nextcloud - spec: - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 10 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - ${FQDN} - - key: app.kubernetes.io/component - operator: In - values: - - app - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - ${FQDN} - - key: app.kubernetes.io/component - operator: In - values: - - web - containers: - - image: libresh/nextcloud:${NC_WEB_IMAGE_TAG} - imagePullPolicy: Always - name: web - ports: - - containerPort: 80 - name: http - protocol: TCP - env: - - name: BACKEND_HOST - value: ${FQDN}-app - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: 
default-scheduler - securityContext: {} terminationGracePeriodSeconds: 30 --- apiVersion: batch/v1beta1 -- GitLab From 3a5d59426ac0ea49615607dd009583fa37e86250 Mon Sep 17 00:00:00 2001 From: Hugo Renard Date: Tue, 10 May 2022 19:12:50 +0200 Subject: [PATCH 2/3] fix nc security context --- nextcloud/manifests/app.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nextcloud/manifests/app.yml b/nextcloud/manifests/app.yml index d6b3d33..e5f66c6 100644 --- a/nextcloud/manifests/app.yml +++ b/nextcloud/manifests/app.yml @@ -171,6 +171,9 @@ spec: image: libresh/nextcloud:${NC_IMAGE_TAG} imagePullPolicy: Always name: app + securityContext: + runAsUser: 82 + runAsGroup: 82 livenessProbe: httpGet: path: /heartbeat -- GitLab From 4bd21a4abb4f8df4e541e192edbc8a60c29cb157 Mon Sep 17 00:00:00 2001 From: Pierre Ozoux Date: Mon, 16 May 2022 16:16:04 +0000 Subject: [PATCH 3/3] Keeps exec probe. This is to make sure nginx does cache results from a well started php process. --- nextcloud/manifests/app.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/nextcloud/manifests/app.yml b/nextcloud/manifests/app.yml index e5f66c6..69af2ff 100644 --- a/nextcloud/manifests/app.yml +++ b/nextcloud/manifests/app.yml @@ -182,12 +182,9 @@ spec: - name: Host value: localhost readinessProbe: - httpGet: - path: /heartbeat - port: 80 - httpHeaders: - - name: Host - value: localhost + exec: + command: + - /php-fpm-healthcheck ports: - containerPort: 9000 name: api -- GitLab
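Review bot: The container-level `securityContext` added in `@@ -171,6 +171,9 @@` restores `runAsUser: 82` and `runAsGroup: 82` for `app`, but `fsGroup: 82`, which patch 1 removed, is a pod-level field and is not restored anywhere in the series. If the pod's volumes relied on it for group ownership (the volume definitions are outside the hunks shown), uid 82 may no longer be able to write to them. I would put it back under the pod spec as `securityContext:` with `fsGroup: 82`, and add `allowPrivilegeEscalation: false` next to the new `runAsUser` lines.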
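Review bot: The exec readiness probe restored in `@@ -182,12 +182,9 @@` comes back without the `initialDelaySeconds: 10` and `periodSeconds: 60` it had before patch 1, so `/php-fpm-healthcheck` now runs at the default 10 s period with the default 1 s timeout. Each exec probe starts a process inside the container, and on clusters that enforce exec probe timeouts a check slower than one second counts as a failure and removes the pod from the Service endpoints. I would restore `periodSeconds: 60` and set an explicit `timeoutSeconds` matched to how long the script takes, which is not visible here.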