nextcloud helm

No introduction found. Create it?

Install

Install with:

helm repo add nextcloud https://nextcloud.github.io/helm/
helm install nextcloud nextcloud/nextcloud -f values.yaml

Examples

See examples from other people.

Top Repositories (3 out of 23)

NameRepoStarsVersionTimestamp
nextcloudharaldkoch/kochhaus-home1366.6.102 hours ago
nextcloudangelnu/k8s-gitops1666.6.9a month ago
nextcloudbudimanjojo/home-cluster1936.6.9a month ago

Resources

150Mi204Mi250Mi256Mi300Mi500Mi512Mi536Mi1024Mi4096Mi
363Mi1000Mi2000Mi2048Mi4096Mi5120Mi8192Mi10240Mi
17m34m50m100m150m200m250m500m

Values

See the most popular values for this chart:

KeyTypes
internalDatabase.enabled (23)
false
boolean
nextcloud.host (23)
cloud.${SECRET_DOMAIN}
string
nextcloud.existingSecret.enabled (17)
true
boolean, string
nextcloud.existingSecret.secretName (17)
nextcloud-secret
string
nextcloud.existingSecret.passwordKey (10)
ADMIN_PASS
string
nextcloud.existingSecret.usernameKey (10)
ADMIN_USER
string
nextcloud.existingSecret.tokenKey (6)
METRICS_TOKEN
string
nextcloud.existingSecret.smtpHostKey (5)
SMTP_HOST
string
nextcloud.existingSecret.smtpPasswordKey (5)
SMTP_PASSWORD
string
nextcloud.existingSecret.smtpUsernameKey (5)
SMTP_USERNAME
string
nextcloud.mail.enabled (13)
true
boolean
nextcloud.mail.domain (11)
${SECRET_DOMAIN}
string
nextcloud.mail.fromAddress (11)
nextcloud
string
nextcloud.mail.smtp.port (10)
465
number, string
nextcloud.mail.smtp.secure (8)

string
nextcloud.mail.smtp.authtype (5)
LOGIN
string
nextcloud.mail.smtp.host (5)
smtp-relay.default.svc.cluster.local
string
nextcloud.mail.smtp.name (1)

string
nextcloud.mail.smtp.password (1)

string
nextcloud.extraEnv[].name (12)
REDIS_HOST
REDIS_HOST_PORT
string
nextcloud.extraEnv[].value (11)
2G
0
string
nextcloud.extraEnv[].valueFrom.secretKeyRef.key (7)
REDIS_HOST
REDIS_PORT
REDIS_DB
S3_BUCKET
S3_ACCESS_KEY
S3_SECRET_KEY
OIDC_CLIENT_PASSWORD
OIDC_CLIENT_ID
string
nextcloud.extraEnv[].valueFrom.secretKeyRef.name (7)
nextcloud-secret
nextcloud-secret
nextcloud-secret
string
nextcloud.extraInitContainers[].image (12)
alpine:3.21.3
alpine:3.21.3
string
nextcloud.extraInitContainers[].name (12)
init-db
string
nextcloud.extraInitContainers[].envFrom[].secretRef.name (10)
nextcloud-secret
string
nextcloud.extraInitContainers[].imagePullPolicy (4)
IfNotPresent
IfNotPresent
string
nextcloud.extraInitContainers[].args[] (2)
- -c
- until nc -w 1 -v $POSTGRES_HOST; do echo "Waiting for database"; done
- -c
- until nc -w 1 -v $REDIS_HOST:$REDIS_PORT; do echo "Waiting for Redis"; done
string
nextcloud.extraInitContainers[].command[] (2)
- sh
- sh
string
nextcloud.extraInitContainers[].env[].name (2)
POSTGRES_HOST
REDIS_HOST
REDIS_PORT
string
nextcloud.extraInitContainers[].env[].value (1)
pgo-cluster-primary.default.svc
redis
6379
string
nextcloud.extraInitContainers[].env[].valueFrom.secretKeyRef.key (1)
POSTGRES_HOST
REDIS_HOST
REDIS_PORT
string
nextcloud.extraInitContainers[].env[].valueFrom.secretKeyRef.name (1)
nextcloud-secret
nextcloud-secret
nextcloud-secret
string
nextcloud.phpConfigs."uploadLimit.ini" (9)
upload_max_filesize = 16G post_max_size = 16G max_input_time = 3600 max_execution_time = 3600
string
nextcloud.phpConfigs."www.conf" (4)
[www] user = www-data group = www-data listen = 127.0.0.1:9000 pm = dynamic pm.max_children = 57 pm.start_servers = 14 pm.min_spare_servers = 14 pm.max_spare_servers = 42 pm.max_requests = 500 pm.process_idle_timeout = 10s
string
nextcloud.phpConfigs."override_max_file_size.ini" (2)
upload_max_filesize=16G post_max_size=16G
string
nextcloud.phpConfigs."custom.config.php" (1)
<?php $CONFIG = array( "check_data_directory_permissions"=> false, # fix data directory permissions error "trusted_domains" => array ( $_ENV["NEXTCLOUD_TRUSTED_DOMAINS"], # fix probes 400 error ), );
string
nextcloud.phpConfigs."custom.ini" (1)
memory_limit=512M upload_max_filesize=16G post_max_size=16G max_execution_time=3600 max_input_time=3600
string
nextcloud.configs."proxy.config.php" (8)
<?php $CONFIG = array ( 'trusted_proxies' => array( 0 => '127.0.0.1', 1 => '10.96.0.0/16', 2 => '10.69.0.0/16', ), 'trusted_domains' => array( 0 => '127.0.0.1', 1 => 'cloud.${SECRET_DOMAIN}', ), 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), );
string
nextcloud.configs."local.config.php" (5)
<?php $CONFIG = array ( 'trusted_proxies' => array ( 0 => '127.0.0.1', 1 => '172.16.0.0/16', 2 => '10.96.0.0/16', 3 => '10.69.0.0/16', ), 'trusted_domains' => [ 'nextcloud', 'nextcloud.selfhosted', 'nextcloud.${SECRET_DOMAIN}' ], 'forwarded_for_headers' => array ( 0 => 'HTTP_X_FORWARDED_FOR', 1 => 'X-Forwarded-For', ), 'default_timezone' => '${TIMEZONE}', 'default_phone_region' => 'US', 'trashbin_retention_obligation' => 'auto, 30', 'auth.bruteforce.protection.enabled' => true, );
string
nextcloud.configs."redis.config.php" (5)
<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\Redis', 'memcache.distributed' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => 'dragonfly.database.svc.cluster.local', 'port' => 6379, 'dbindex' => 2, 'timeout' => 1, 'read_timeout' => 1, ) );
string
nextcloud.configs."custom.config.php" (4)
<?php $CONFIG = array ( 'overwriteprotocol' => 'https', 'overwrite.cli.url' => 'https://nc.${SECRET_DOMAIN}', 'filelocking.enabled' => 'true', 'loglevel' => '2', 'enable_previews' => true, 'trusted_domains' => [ 'nextcloud', 'nc.${SECRET_DOMAIN}' ], 'trusted_proxies' => [ '10.69.0.0/16', ], 'forwarded_for_headers' => [ 0 => 'X-Forwarded-For', 1 => 'HTTP_X_FORWARDED_FOR' ], 'default_phone_region' => 'SE', 'allow_local_remote_servers' => true, 'bulkupload.enabled' => true, );
string
nextcloud.configs."misc.config.php" (4)
<?php $CONFIG = array ( 'default_phone_region' => 'NZ', 'maintenance_window_start' => 2, );
string
nextcloud.configs."sso.config.php" (4)
<?php $CONFIG = array ( 'allow_user_to_change_display_name' => false, 'lost_password_link' => 'disabled', 'oidc_login_client_id' => getenv('OIDC_CLIENT_ID'), 'oidc_login_client_secret' => getenv('OIDC_CLIENT_PASSWORD'), 'oidc_login_provider_url' => 'https://sso.${SECRET_DOMAIN}/application/o/nextcloud/', 'oidc_login_end_session_redirect' => true, 'oidc_login_logout_url' => 'https://sso.${SECRET_DOMAIN}/application/o/nextcloud/end-session/', 'oidc_login_default_quota' => '1000000000', 'oidc_login_button_text' => 'Authentik SSO', 'oidc_login_hide_password_form' => false, 'oidc_login_attributes' => array ( 'id' => 'sub', 'name' => 'name', 'mail' => 'email', ), 'oidc_create_groups' => true, 'oidc_login_code_challenge_method' => 'S256', 'oidc_login_auto_redirect' => true, 'oidc_login_webdav_enabled' => true, 'oidc_login_disable_registration' => false, );
string
nextcloud.configs."ingress.config.php" (3)
<?php $CONFIG = array ( 'overwrite.cli.url' => 'https://nextcloud.${SECRET_DOMAIN}', 'overwriteprotocol' => 'https', 'allow_local_remote_servers' => true );
string
nextcloud.configs."logging.config.php" (3)
<?php $CONFIG = array ( 'log_type' => 'file', 'logfile' => 'nextcloud.log', 'loglevel' => 0, 'logdateformat' => 'F d, Y H:i:s' );
string
nextcloud.configs."bulkupload.config.php" (2)
<?php $CONFIG = array ( 'bulkupload.enabled' => false, );
string
nextcloud.configs."gitops.config.php" (2)
<?php $CONFIG = array ( 'appstoreenabled' => true, #'appstoreurl' => 'https://apps.nextcloud.com/api/v0', 'mail_domain' => '${CLUSTER_DOMAIN}', );
string
nextcloud.configs."s3.config.php" (2)
<?php $CONFIG = array ( 'objectstore' => array( 'class' => '\\OC\\Files\\ObjectStore\\S3', 'arguments' => array( 'hostname' => 's3.${SECRET_DOMAIN}', 'port' => 443, 'use_path_style' => true, 'bucket' => getenv('S3_BUCKET'), 'autocreate' => false, 'region' => 'us-east-1', 'key' => getenv('S3_ACCESS_KEY'), 'secret' => getenv('S3_SECRET_KEY'), 'use_ssl' => true, ), ), );
string
nextcloud.configs."fed-fixes.config.php" (1)
<?php $CONFIG = array ( "davstorage.request_timeout" => 200, );
string
nextcloud.configs."minio.config.php" (1)
<?php $CONFIG = array ( 'objectstore' => array( 'class' => '\\OC\\Files\\ObjectStore\\S3', 'arguments' => array( 'hostname' => 's3.hoohoot.org', 'port' => 443, 'use_path_style' => true, 'bucket' => 'nextcloud-data', 'autocreate' => false, 'key' => getenv('S3_ACCESS_KEY'), 'secret' => getenv('S3_SECRET_KEY'), 'use_ssl' => true, ), ), );
string
nextcloud.configs."previews.config.php" (1)
<?php $CONFIG = array ( 'preview_max_x' => 512, 'preview_max_y' => 512, 'enable_previews' => true, 'enabledPreviewProviders' => array ( 0 => 'OC\\Preview\\TXT', 1 => 'OC\\Preview\\Image', 2 => 'OC\\Preview\\Movie', 3 => 'OC\\Preview\\MP4', 4 => 'OC\\Preview\\HEIC', ), 'previewgenerator' => array ( 'squareSizes' => 256, 'widthSizes' => 512, 'heightSizes' => 512, ), );
string
nextcloud.configs."timezone.config.php" (1)
<?php $CONFIG = array ( 'default_timezone' => 'America/Santiago', );
string
nextcloud.configs."user_oidc.config.php" (1)
<?php $CONFIG = array ( 'user_oidc' => [ 'user_search_match_emails' => false, ], );
string
nextcloud.datadir (7)
/var/www/data
string
nextcloud.defaultConfigs."redis.config.php" (6)
false
boolean
nextcloud.defaultConfigs."apps.config.php" (5)
true
boolean
nextcloud.defaultConfigs."s3.config.php" (5)
false
boolean
nextcloud.defaultConfigs.".htaccess" (4)
true
boolean
nextcloud.defaultConfigs."apache-pretty-urls.config.php" (4)
true
boolean
nextcloud.defaultConfigs."apcu.config.php" (4)
true
boolean
nextcloud.defaultConfigs."autoconfig.php" (4)
false
boolean
nextcloud.defaultConfigs."smtp.config.php" (4)
true
boolean
nextcloud.defaultConfigs."imaginary.config.php" (3)
true
boolean
nextcloud.defaultConfigs."reverse-proxy.config.php" (3)
true
boolean
nextcloud.defaultConfigs."swift.config.php" (3)
false
boolean
nextcloud.defaultConfigs."upgrade-disable-web.config.php" (3)
true
boolean
nextcloud.securityContext.runAsGroup (6)
1022
number, string
nextcloud.securityContext.runAsNonRoot (6)
true
boolean
nextcloud.securityContext.runAsUser (6)
1022
number, string
nextcloud.securityContext.readOnlyRootFilesystem (3)
false
boolean
nextcloud.securityContext.fsGroup (1)
1000
number
nextcloud.securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
nextcloud.extraVolumes[].name (5)
nfs-video
nfs-software
nfs-music
nfs-downloads
esphome
string
nextcloud.extraVolumes[].nfs.path (3)
${NFS_VIDEO}
${NFS_SOFTWARE}
${NFS_MUSIC}
${NFS_DOWNLOADS}
string
nextcloud.extraVolumes[].nfs.server (3)
${NFS_SERVER}
${NFS_SERVER}
${NFS_SERVER}
${NFS_SERVER}
string
nextcloud.extraVolumes[].persistentVolumeClaim.claimName (2)
esphome-pvc
string
nextcloud.extraVolumes[].configMap.name (1)
nextcloud-cron-script
string
nextcloud.extraVolumes[].mountPath (1)
/var/cache/nginx
string
nextcloud.extraVolumes[].secret.secretName (1)
nextcloud-secrets
string
nextcloud.extraVolumeMounts[].mountPath (4)
/video
/software
/software/3D-printer/projects/Electronica/esphome_devices
/music
/downloads
string
nextcloud.extraVolumeMounts[].name (4)
nfs-video
nfs-software
esphome
nfs-music
nfs-downloads
string
nextcloud.extraVolumeMounts[].subPath (2)
devices
string
nextcloud.strategy.type (3)
Recreate
string
nextcloud.containerPort (1)
8080
number
nextcloud.hooks.before-starting (1)
# disable unneceserry apps for appname in activity circles systemtags federation privacy \ nextcloud_announcements announcementcenter support survey_client \ user_status weather_status dashboard do php occ app:disable "$appname" done # install openid user backend php occ app:enable user_oidc printf "setting up OIDC\n" php occ config:app:set --value=0 user_oidc allow_multiple_user_backends # unique ids break groups php occ user_oidc:provider Keycloak \ --clientid "$OIDC_CLIENT_ID" \ --clientsecret "$OIDC_CLIENT_SECRET" \ --discoveryuri "$OIDC_DISCOVERURL" \ --mapping-display-name preferred_username \ --unique-uid=0 \ --group-provisioning 1 # install apps for appname in spreed contacts calendar user_oidc bookmarks deck do php occ app:install "$appname" done # If app is installed already occ returns 1, script fails and container refuses to start true
string
nextcloud.hooks.post-installation (1)
printf "Add missing DB indices\n" php occ db:add-missing-indices
string
nextcloud.hooks.post-upgrade (1)
# based on https://github.com/nextcloud/all-in-one/blob/25c580bca370eaead5f1fad9d3842a9c49562dff/Containers/nextcloud/entrypoint.sh#L451-L457 php occ maintenance:repair --include-expensive php occ db:add-missing-indices php occ db:add-missing-columns php occ db:add-missing-primary-keys
string
nextcloud.objectstore.s3.autocreate (1)
true
boolean
nextcloud.objectstore.s3.bucket (1)
nextcloud-data
string
nextcloud.objectstore.s3.enabled (1)
true
boolean
nextcloud.objectstore.s3.existingSecret (1)
nextcloud-secret
string
nextcloud.objectstore.s3.host (1)
s3.{SECRET_HOME_DOMAIN}
string
nextcloud.objectstore.s3.region (1)
us-east-1
string
nextcloud.objectstore.s3.secretKeys.accessKey (1)
S3_ACCESS_KEY
string
nextcloud.objectstore.s3.secretKeys.secretKey (1)
S3_SECRET_KEY
string
nextcloud.objectstore.s3.ssl (1)
true
boolean
nextcloud.objectstore.s3.usePathStyle (1)
true
boolean
nextcloud.password (1)
${NEXTCLOUD_ADMIN_PASSWORD}
string
nextcloud.podSecurityContext.readOnlyRootFilesystem (1)
false
boolean
nextcloud.podSecurityContext.runAsGroup (1)
${APP_UID}
string
nextcloud.podSecurityContext.runAsNonRoot (1)
true
boolean
nextcloud.podSecurityContext.runAsUser (1)
${APP_UID}
string
nextcloud.podSecurityContext.supplementalGroups[] (1)
- "33"
number
nextcloud.trustedDomains[] (1)
- localhost
- nextcloud
- nextcloud.${SERVICE_DOMAIN}
string
nextcloud.update (1)
0
number
nextcloud.username (1)
${NEXTCLOUD_ADMIN_USERNAME}
string
persistence.enabled (23)
true
boolean
persistence.existingClaim (17)
nextcloud
string
persistence.nextcloudData.enabled (14)
true
boolean
persistence.nextcloudData.existingClaim (11)
nextcloud-data
string
persistence.nextcloudData.accessMode (3)
ReadWriteMany
string
persistence.nextcloudData.size (3)
100Gi
string
persistence.nextcloudData.storageClass (2)
cluster-replicated
string
persistence.nextcloudData.annotations."k8up.io/backup" (1)
true
string
persistence.nextcloudData.annotations."k8up.io/backup-restic-args" (1)
[ "--exclude", "nextcloud.log", "--exclude", "nextcloud.log.*", "--exclude", "appdata_*/preview", "--exclude", "*/files_external", "--exclude", "*/files/auto-upload" ]
string
persistence.nextcloudData.labels.backup (1)
nextcloud-data
string
persistence.nextcloudData.subPath (1)
data
string
persistence.size (3)
2Gi
string
persistence.storageClass (3)
cluster-replicated
string
persistence.accessMode (1)
ReadWriteOnce
string
ingress.enabled (22)
true
boolean
ingress.annotations."nginx.ingress.kubernetes.io/proxy-body-size" (18)
10G
string
ingress.annotations."nginx.ingress.kubernetes.io/server-snippet" (15)
server_tokens off; proxy_hide_header X-Powered-By; rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:autotest|occ|issue|indie|db_|console) { deny all; }
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffering" (12)
off
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-request-buffering" (12)
off
string
ingress.annotations."external-dns.alpha.kubernetes.io/target" (7)
external.${SECRET_DOMAIN}
string
ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-headers" (7)
X-Forwarded-For
string
ingress.annotations."hajimari.io/icon" (6)
simple-icons:nextcloud
string
ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" (6)
true
string
ingress.annotations."nginx.ingress.kubernetes.io/affinity" (4)
cookie
string
ingress.annotations."cert-manager.io/cluster-issuer" (3)
letsencrypt
string
ingress.annotations."gethomepage.dev/enabled" (3)
true
string
ingress.annotations."gethomepage.dev/group" (3)
document
string
ingress.annotations."gethomepage.dev/icon" (3)
nextcloud.png
string
ingress.annotations."gethomepage.dev/name" (3)
Nextcloud
string
ingress.annotations."hajimari.io/enable" (3)
true
string
ingress.annotations."hajimari.io/group" (3)
Home/Web
string
ingress.annotations."nginx.ingress.kubernetes.io/custom-http-errors" (3)
502,503
string
ingress.annotations."nginx.ingress.kubernetes.io/enable-global-auth" (2)
false
string
ingress.annotations."gethomepage.dev/description" (1)
Cloud
string
ingress.annotations."hajimari.io/info" (1)
File and Calendar server
string
ingress.annotations."kubernetes.io/tls-acme" (1)
true
string
ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1)
HTTP
string
ingress.annotations."nginx.ingress.kubernetes.io/configuration-snippet" (1)
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_read_timeout 180; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; }
string
ingress.annotations."nginx.ingress.kubernetes.io/fastcgi-connect-timeout" (1)
60
string
ingress.annotations."nginx.ingress.kubernetes.io/fastcgi-read-timeout" (1)
600
string
ingress.annotations."nginx.ingress.kubernetes.io/fastcgi-send-timeout" (1)
600
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-read-timeout" (1)
3600
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-send-timeout" (1)
3600
string
ingress.className (17)
external
string
ingress.path (12)
/
string
ingress.pathType (12)
Prefix
string
ingress.tls[].hosts[] (12)
- nc.${SECRET_DOMAIN}
string
ingress.tls[].secretName (7)
nextcloud-tls
string
ingress.hosts[] (1)
- nextcloud.${SECRET_DOMAIN}
string
ingress.main.annotations."cert-manager.io/cluster-issuer" (1)
letsencrypt-production
string
ingress.main.annotations.external-dns/is-public (1)
true
string
ingress.main.annotations."external-dns.alpha.kubernetes.io/target" (1)
ipv4.${SECRET_DOMAIN}
string
ingress.main.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
ingress.main.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)
networking-cloudflare-only@kubernetescrd
string
ingress.main.enabled (1)
true
boolean
ingress.main.hosts[].host (1)
nextcloud.${SECRET_DOMAIN}
string
ingress.main.hosts[].paths[].path (1)
/
string
ingress.main.hosts[].paths[].pathType (1)
Prefix
string
ingress.main.ingressClassName (1)
traefik
string
ingress.main.tls[].hosts[] (1)
- nextcloud.${SECRET_DOMAIN}
string
ingress.main.tls[].secretName (1)
nextcloud-tls
string
externalDatabase.enabled (20)
true
boolean
externalDatabase.type (20)
postgresql
string
externalDatabase.existingSecret.enabled (15)
true
boolean, string
externalDatabase.existingSecret.passwordKey (15)
POSTGRES_PASSWORD
string
externalDatabase.existingSecret.secretName (15)
nextcloud-secret
string
externalDatabase.existingSecret.usernameKey (15)
POSTGRES_USER
string
externalDatabase.existingSecret.databaseKey (7)
POSTGRES_DB
string
externalDatabase.existingSecret.hostKey (7)
POSTGRES_HOST
string
externalDatabase.database (13)
nextcloud
string
externalDatabase.host (13)
postgres17-rw.database.svc.cluster.local
string
externalDatabase.user (2)
nextcloud
string
externalDatabase.password (1)
${NEXTCLOUD_DBPASS}
string
cronjob.enabled (19)
true
boolean
cronjob.failedJobsHistoryLimit (6)
1
number
cronjob.successfulJobsHistoryLimit (6)
1
number
cronjob.securityContext.runAsGroup (3)
82
number
cronjob.securityContext.fsGroup (1)
1000
number
cronjob.securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
cronjob.securityContext.runAsNonRoot (1)
true
boolean
cronjob.securityContext.runAsUser (1)
1000
number
cronjob.curlInsecure (2)
false
boolean
cronjob.schedule (2)
*/5 * * * *
string
cronjob.command[] (1)
- /cron.sh
string
cronjob.resources.limits.memory (1)
50Mi
string
cronjob.resources.requests.cpu (1)
5m
string
cronjob.resources.requests.memory (1)
10Mi
string
resources.requests.memory (15)
512Mi
string
resources.requests.cpu (14)
200m
string
resources.limits.memory (13)
2Gi
string
resources.limits.cpu (4)
4
number, string
startupProbe.enabled (15)
true
boolean
startupProbe.failureThreshold (13)
30
number
startupProbe.timeoutSeconds (13)
5
number
startupProbe.initialDelaySeconds (12)
5
number
startupProbe.periodSeconds (12)
10
number
startupProbe.successThreshold (12)
1
number
nginx.enabled (14)
true
boolean
nginx.image.repository (7)
public.ecr.aws/nginx/nginx
string
nginx.image.tag (6)
1.27-alpine
string
nginx.config.default (5)
true
boolean
nginx.config.custom (1)
upstream php-handler { server 127.0.0.1:9000; } server { # Default, IPv4 only listen 8080; # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; add_header X-XSS-Protection "1; mode=block" always; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; # Add .mjs as a file extension for javascript # Either include it in the default mime.types list # or include you can include that list explicitly and add the file extension # only for Nextcloud like below: include mime.types; types { text/javascript js mjs; } # Path to the root of your installation root /var/www/html; # Specify how to handle directories -- specifying `/index.php$request_uri` # here as the fallback means that Nginx always exhibits the desired behaviour # when a client requests a path that corresponds to a directory that exists # on the server. In particular, if that directory contains an index.php file, # that file is correctly served; if it doesn't, then the request is passed to # the front-end controller. This consistent behaviour means that we don't need # to specify custom rules for certain paths (e.g. images and other assets, # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus # `try_files $uri $uri/ /index.php$request_uri` # always provides the desired behaviour. index index.php index.html /index.php$request_uri; # Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent ~ ^DavClnt ) { return 302 /remote.php/webdav/$is_args$args; } } location = /robots.txt { allow all; log_not_found off; access_log off; } # Make a regex exception for `/.well-known` so that clients can still # access it despite the existence of the regex rule # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { # The following 6 rules are borrowed from `.htaccess` location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } # Anything else is dynamically handled by Nextcloud location ^~ /.well-known { return 301 /index.php$uri; } try_files $uri $uri/ =404; } # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } # Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; #fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; fastcgi_read_timeout 200s; fastcgi_send_timeout 200s; } location ~ \.(?:css|js|svg|gif)$ { try_files $uri /index.php$request_uri; expires 6M; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets } location ~ \.woff2?$ { try_files $uri /index.php$request_uri; expires 7d; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets } location / { try_files $uri $uri/ /index.php$request_uri; } }
string
nginx.resources.requests.cpu (5)
50m
string
nginx.resources.requests.memory (5)
20Mi
string
nginx.resources.limits.memory (4)
100Mi
string
nginx.securityContext.runAsGroup (2)
82
number
nginx.containerPort (1)
8080
number
nginx.ipFamilies[] (1)
- IPv4
- IPv6
string
image.flavor (13)
fpm-alpine
string
image.repository (11)
nextcloud
string
image.tag (11)
31.0.4-apache
string
image.pullPolicy (6)
IfNotPresent
string
redis.enabled (12)
true
boolean
redis.auth.enabled (6)
true
boolean
redis.auth.existingSecret (4)
nextcloud-secret
string
redis.auth.existingSecretPasswordKey (4)
REDIS_PASSWORD
string
redis.auth.password (2)
changeme
string
redis.master.persistence.enabled (6)
false
boolean
redis.master.persistence.size (1)
2Gi
string
redis.master.resources.limits.memory (2)
100Mi
string
redis.master.resources.requests.cpu (2)
50m
string
redis.master.resources.requests.memory (2)
50Mi
string
redis.master.podLabels."policy.gabe565.com/ingress-namespace" (1)
true
string
redis.architecture (4)
standalone
string
redis.replica.persistence.enabled (3)
false
boolean
redis.replica.replicaCount (1)
0
number
redis.commonConfiguration (2)
# Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes # Disable RDB persistence, AOF persistence already enabled. save "" maxmemory 94371840 maxmemory-policy allkeys-lru
string
redis.global.storageClass (2)
cluster-scratch
string
redis.metrics.enabled (2)
true
boolean
redis.metrics.resources.requests.cpu (2)
10m
string
redis.metrics.resources.requests.memory (2)
10Mi
string
redis.metrics.resources.limits.memory (1)
20Mi
string
redis.metrics.serviceMonitor.enabled (2)
true
boolean
redis.password (1)
redis-password
string
redis.usePassword (1)
true
boolean
livenessProbe.enabled (11)
false
boolean
livenessProbe.failureThreshold (8)
3
number
livenessProbe.periodSeconds (8)
10
number
livenessProbe.initialDelaySeconds (7)
10
number
livenessProbe.successThreshold (7)
1
number
livenessProbe.timeoutSeconds (7)
5
number
readinessProbe.enabled (11)
false
boolean
readinessProbe.periodSeconds (8)
10
number
readinessProbe.failureThreshold (7)
3
number
readinessProbe.initialDelaySeconds (7)
5
number
readinessProbe.successThreshold (7)
1
number
readinessProbe.timeoutSeconds (7)
5
number
metrics.enabled (7)
true
boolean
metrics.https (5)
true
boolean
metrics.serviceMonitor.enabled (5)
false
boolean
metrics.serviceMonitor.interval (1)
30s
string
metrics.serviceMonitor.jobLabel (1)

string
metrics.serviceMonitor.labels.release (1)
kube-prometheus-stack
string
metrics.serviceMonitor.namespace (1)

string
metrics.serviceMonitor.scrapeTimeout (1)

string
metrics.image.repository (2)
xperimental/nextcloud-exporter
string
metrics.image.tag (2)
0.8.0
string
metrics.image.pullPolicy (1)
IfNotPresent
string
metrics.server (2)
https://nextcloud.${SERVICE_DOMAIN}
string
metrics.info.apps (1)
false
boolean
metrics.replicaCount (1)
1
number
metrics.resources.requests.cpu (1)
10m
string
metrics.resources.requests.memory (1)
20Mi
string
metrics.securityContext.runAsNonRoot (1)
true
boolean
metrics.securityContext.runAsUser (1)
${APP_UID}
string
metrics.service.annotations."prometheus.io/port" (1)
9205
string
metrics.service.annotations."prometheus.io/scrape" (1)
true
string
metrics.service.type (1)
ClusterIP
string
metrics.timeout (1)
5s
string
metrics.tlsSkipVerify (1)
false
boolean
metrics.token (1)

string
deploymentAnnotations."secret.reloader.stakater.com/reload" (5)
nextcloud-secret
string
deploymentAnnotations."reloader.stakater.com/auto" (3)
true
string
phpClientHttpsFix.enabled (5)
true
boolean
phpClientHttpsFix.protocol (3)
https
string
replicaCount (5)
1
number
fullnameOverride (4)
nextcloud
string
postgresql.enabled (4)
false
boolean
postgresql.existingSecret (1)
nextcloud
string
postgresql.postgresqlDatabase (1)
nextcloud
string
postgresql.postgresqlUsername (1)
nextcloud
string
postgresql.primary.persistence.enabled (1)
true
boolean
postgresql.primary.persistence.existingClaim (1)
nextcloud-postgres
string
postgresql.secretKeys.adminPasswordKey (1)
postgresql_password
string
hpa.enabled (2)
false
boolean
hpa.cputhreshold (1)
60
number
hpa.minPods (1)
1
number
imaginary.enabled (2)
true
boolean
imaginary.resources.requests.cpu (1)
10m
string
imaginary.resources.requests.memory (1)
1Gi
string
podAnnotations."reloader.stakater.com/auto" (2)
true
string
podAnnotations."configmap.reloader.stakater.com/reload" (1)
nextcloud-settings
string
service.main.controller (2)
main
string
service.main.ports.http.port (2)
8112
number
service.annotations."traefik.ingress.kubernetes.io/service.sticky.cookie" (1)
true
string
service.loadBalancerIP (1)

string
service.port (1)
8080
number
service.type (1)
ClusterIP
string
env.PHP_MEMORY_LIMIT (1)
256M
string
env.TZ (1)
${TIMEZONE}
string
lifecycle.postStartCommand[] (1)
- su
- www-data
- -s
- /bin/sh
- -c
- cd /var/www/html; ./occ upgrade; ./occ db:add-missing-indices; /bin/true
string
mariadb.db.name (1)
nextcloud
string
mariadb.db.password (1)
db-password
string
mariadb.db.user (1)
nextcloud
string
mariadb.enabled (1)
true
boolean
mariadb.master.persistence.accessMode (1)
ReadWriteOnce
string
mariadb.master.persistence.enabled (1)
true
boolean
mariadb.master.persistence.size (1)
8Gi
string
mariadb.replication.enabled (1)
false
boolean
mariadb.rootUser.forcePassword (1)
true
boolean
mariadb.rootUser.password (1)
root-db-password
string
nameOverride (1)

string
podLabels."policy.gabe565.com/egress-namespace" (1)
true
string
podLabels."policy.gabe565.com/egress-world" (1)
true
string
podLabels."policy.gabe565.com/ingress-ingress" (1)
true
string
rbac.enabled (1)
true
boolean
rbac.serviceaccount.create (1)
true
boolean
rbac.serviceaccount.name (1)
nextcloud-serviceaccount
string
securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
strategy.type (1)
Recreate
string