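# Argo CD Application: deploys the `nextcloud` chart from the Nextcloud Helm
# repository into the `nextcloud` namespace of the in-cluster API server,
# with automated sync (self-heal and prune).
#
# Credentials are read from a pre-created Kubernetes Secret instead of being
# passed as literal Helm parameters. Helm parameters are stored in the
# Application spec, so literals are readable by anyone with access to the Git
# repository or to the Application object. Any password that was committed
# here earlier stays in Git history and has to be rotated.
#
# The Secret name `nextcloud-credentials` and the key names used below are
# constructed examples. The Secret must exist in the `nextcloud` namespace
# before the first sync and carry these keys:
#   nextcloud-username, nextcloud-password, redis-password,
#   db-username, db-password, postgres-password
# For an already-initialised database volume the values must match the
# credentials the database currently uses until they are rotated there too.
# NOTE(review): confirm with `helm template` against the pinned chart version
# that these parameters are honoured and no default password is rendered.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud
  finalizers:
    # Deleting this Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://nextcloud.github.io/helm/'
    # NOTE(review): a wildcard revision combined with automated sync rolls out
    # every new 8.x chart release without review. Pin an exact chart version
    # and bump it deliberately.
    targetRevision: '8.*.*'
    helm:
      parameters:
        - name: image.repository
          value: 'nextcloud'
        - name: image.flavor
          value: 'fpm'
        - name: ingress.className
          value: 'traefik'
        - name: nginx.enabled
          value: 'true'
        - name: 'ingress.enabled'
          value: 'true'
        - name: ingress.servicePort
          value: 'https'
        - name: phpClientHttpsFix.enabled
          value: 'true'
        - name: phpClientHttpsFix.protocol
          value: 'https'
        - name: nextcloud.host
          value: 'innocloud.innovation-hub-niedersachsen.de'
        # Admin account: username and password come from the Secret.
        - name: nextcloud.existingSecret.enabled
          value: 'true'
        - name: nextcloud.existingSecret.secretName
          value: 'nextcloud-credentials'
        - name: nextcloud.existingSecret.usernameKey
          value: 'nextcloud-username'
        - name: nextcloud.existingSecret.passwordKey
          value: 'nextcloud-password'
        - name: internalDatabase.enabled
          value: 'false'
        - name: redis.enabled
          value: 'true'
        # Redis password comes from the Secret.
        - name: redis.auth.existingSecret
          value: 'nextcloud-credentials'
        - name: redis.auth.existingSecretPasswordKey
          value: 'redis-password'
        - name: postgresql.enabled
          value: 'true'
        # Bundled PostgreSQL: server-side passwords come from the Secret.
        - name: postgresql.global.postgresql.auth.existingSecret
          value: 'nextcloud-credentials'
        - name: postgresql.global.postgresql.auth.secretKeys.adminPasswordKey
          value: 'postgres-password'
        - name: postgresql.global.postgresql.auth.secretKeys.userPasswordKey
          value: 'db-password'
        # Nextcloud's side of the database connection reads the same Secret.
        # NOTE(review): presumably the chart uses these values for the bundled
        # PostgreSQL as well as for an external database; verify.
        - name: externalDatabase.existingSecret.enabled
          value: 'true'
        - name: externalDatabase.existingSecret.secretName
          value: 'nextcloud-credentials'
        - name: externalDatabase.existingSecret.usernameKey
          value: 'db-username'
        - name: externalDatabase.existingSecret.passwordKey
          value: 'db-password'
        - name: postgresql.primary.persistence.enabled
          value: 'true'
        # NOTE(review): `endpoint` is not obviously a value of this chart;
        # confirm that something consumes it.
        - name: 'endpoint'
          value: 'innocloud.innovation-hub-niedersachsen.de'
        - name: ingress.hosts[0]
          value: 'innocloud.innovation-hub-niedersachsen.de'
        - name: 'ingress.tls[0].hosts[0]'
          value: 'innocloud.innovation-hub-niedersachsen.de'
        - name: 'ingress.tls[0].secretName'
          value: 'innocloud-tls'
        - name: ingress.annotations.kubernetes\.io\/ingress\.class
          value: 'traefik'
        # forceString keeps the annotation value a string; annotation values
        # must be strings.
        - name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
          value: 'true'
          forceString: true
        - name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
          value: 'kube-system-hsts@kubernetescrd'
        # NOTE(review): the dots after `service` and `annotations` are escaped
        # too, so Helm reads this whole name as one top-level key rather than
        # a path under service.annotations. Presumably unintended; if the path
        # is corrected the value also needs forceString. Confirm.
        - name: service\.annotations\.traefik\.ingress\.kubernetes\.io\/service\.sticky\.cookie
          value: 'true'
        - name: ingress.annotations.cert-manager\.io\/cluster-issuer
          value: 'lets-encrypt'
        - name: persistence.enabled
          value: 'true'
        - name: persistence.nextcloudData.enabled
          value: 'true'
        - name: cronjob.enabled
          value: 'true'
        # NOTE(review): no nextcloud.mail.enabled parameter and no SMTP
        # transport security or authentication setting is given here; confirm
        # the chart applies these values and that plain SMTP on port 25 to
        # this relay is intended.
        - name: nextcloud.mail.fromAddress
          value: 'admin'
        - name: nextcloud.mail.domain
          value: 'innovation-hub-niedersachsen.de'
        - name: nextcloud.mail.smtp.host
          value: '192.168.4.125'
        - name: nextcloud.mail.smtp.port
          value: '25'
        # AppAPI DinD sidecar configuration
        # NOTE(review): the sidecar runs privileged, which gives it host-level
        # capabilities on the node. `docker:27-dind` is a floating tag; pin it
        # by digest so the privileged image cannot change unnoticed.
        - name: nextcloud.extraSidecarContainers[0].name
          value: 'dind'
        - name: nextcloud.extraSidecarContainers[0].image
          value: 'docker:27-dind'
        - name: nextcloud.extraSidecarContainers[0].securityContext.privileged
          value: 'true'
        # An empty DOCKER_TLS_CERTDIR turns off TLS for the Docker daemon.
        # NOTE(review): depending on the image's entrypoint the daemon may then
        # also listen on a plaintext TCP port on the pod IP; verify, and limit
        # ingress to this pod with a NetworkPolicy.
        - name: nextcloud.extraSidecarContainers[0].env[0].name
          value: 'DOCKER_TLS_CERTDIR'
        - name: nextcloud.extraSidecarContainers[0].env[0].value
          value: ''
        - name: nextcloud.extraSidecarContainers[0].volumeMounts[0].name
          value: 'docker-sock'
        - name: nextcloud.extraSidecarContainers[0].volumeMounts[0].mountPath
          value: '/var/run'
        - name: nextcloud.extraSidecarContainers[0].volumeMounts[1].name
          value: 'dind-storage'
        - name: nextcloud.extraSidecarContainers[0].volumeMounts[1].mountPath
          value: '/var/lib/docker'
        # Extra volumes for DinD
        - name: nextcloud.extraVolumes[0].name
          value: 'docker-sock'
        - name: nextcloud.extraVolumes[0].emptyDir
          value: '{}'
        - name: nextcloud.extraVolumes[1].name
          value: 'dind-storage'
        - name: nextcloud.extraVolumes[1].emptyDir
          value: '{}'
        # Mount the Docker socket in the Nextcloud container
        # NOTE(review): sharing /var/run hands the web-facing container the
        # control socket of a privileged Docker daemon, so the Nextcloud
        # container has to be treated as equally privileged. Consider a
        # restricted socket proxy or a separate deploy host for AppAPI.
        # The mount also hides whatever the image itself keeps in /var/run.
        - name: nextcloud.extraVolumeMounts[0].name
          value: 'docker-sock'
        - name: nextcloud.extraVolumeMounts[0].mountPath
          value: '/var/run'
    chart: nextcloud
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: nextcloud
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        # NOTE(review): `privileged` removes Pod Security admission limits for
        # every pod in this namespace, not only the DinD sidecar. Keep no
        # other workloads in this namespace.
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true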