Merge branch 'release/1.4.0'

Inveniem · Jun 6, 2019 · 152eb04 · 152eb04
2 parents d242af7 + 48e533c
commit 152eb04
Show file tree

Hide file tree

Showing 21 changed files with 316 additions and 262 deletions.
diff --git a/nextcloud-aks/README.md b/nextcloud-aks/README.md
@@ -86,10 +86,10 @@ Nextcloud stores data in this storage account as follows:
 
 #### About the Redis Cache
 To support clustered deployment (i.e. multiple Nextcloud pods behind a load
-balancer), this resource kit is designed to create a Redis cache instance that
-is used to persist file locks and PHP sessions. The cache is automatically 
-created by `./setup_redis_cache.sh` as part of running the top-level 
-`./deploy_nextcloud.sh` script.
+balancer), this resource kit is designed to create a Redis cache pod within
+the cluster that is used to persist file locks and PHP sessions. The cache is 
+automatically created by `./deploy_redis_cache.sh` as part of running the 
+top-level `./deploy_nextcloud.sh` script.
 
 #### Running the Deployment as Individual Pieces
 For greater control -- as an alternative to running the top-level script -- you 

diff --git a/nextcloud-aks/VERSION b/nextcloud-aks/VERSION
@@ -1 +1 @@
-1.3.1
+1.4.0
diff --git a/nextcloud-aks/addons/ubuntu-diag/configs/app-ubuntu-diag.yaml b/nextcloud-aks/addons/ubuntu-diag/configs/app-ubuntu-diag.yaml
@@ -0,0 +1,43 @@
+##
+# Kubernetes deployment configuration for running a standard Ubuntu image, for
+# diagnosing issues with Nextcloud from inside the cluster.
+#
+# @author Guy Elsmore-Paddock ([email protected])
+# @copyright Copyright (c) 2019, Inveniem
+# @license GNU AGPL version 3 or any later version
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ubuntu-diag
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: utility-ubuntu-diag
+  template:
+    metadata:
+      labels:
+        app: utility-ubuntu-diag
+        role: utility
+    spec:
+      containers:
+        - name: ubuntu
+          image: "ubuntu:18.04"
+          command: [ "sleep" ]
+          args: [ "infinity" ]
+          resources:
+            requests:
+              cpu: 100m
+              memory: 64Mi
+            limits:
+              cpu: 2000m
+              memory: 512Mi
+          volumeMounts:
+            - name: volume-nextcloud-client-zft
+              mountPath: "/mnt/share/client-zft"
+      volumes:
+        - name: volume-nextcloud-client-zft
+          persistentVolumeClaim:
+            claimName: "claim-nextcloud-client-zft"
diff --git a/nextcloud-aks/addons/ubuntu-diag/delete_ubuntu_diag_app.sh b/nextcloud-aks/addons/ubuntu-diag/delete_ubuntu_diag_app.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+##
+# This script removes the Ubuntu diagnostic application from Kubernetes.
+#
+# @author Guy Elsmore-Paddock ([email protected])
+# @copyright Copyright (c) 2019, Inveniem
+# @license GNU AGPL version 3 or any later version
+#
+
+set -e
+set -u
+
+echo "Un-deploying SFTP application..."
+kubectl delete -f "configs/app-ubuntu-diag.yaml"
+echo "Done."
+echo ""
diff --git a/nextcloud-aks/addons/ubuntu-diag/deploy_ubuntu_diag_app.sh b/nextcloud-aks/addons/ubuntu-diag/deploy_ubuntu_diag_app.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+##
+# This script deploys the Ubuntu diagnostic application to Kubernetes.
+#
+# @author Guy Elsmore-Paddock ([email protected])
+# @copyright Copyright (c) 2019, Inveniem
+# @license GNU AGPL version 3 or any later version
+#
+
+set -e
+set -u
+
+source '../../config.env'
+
+echo "Deploying Ubuntu diagnostic application..."
+kubectl apply -f "configs/app-ubuntu-diag.yaml"
+echo "Done."
+echo ""
diff --git a/nextcloud-aks/config.example.env b/nextcloud-aks/config.example.env
@@ -111,16 +111,16 @@ NEXTCLOUD_ADMIN_PASSWORD="NextcloudAdminPassword"
 # available in the deployed image.
 #
 NEXTCLOUD_CUSTOM_APPS=(
-    'https://github.com/nextcloud/files_antivirus/releases/download/v2.0.1/files_antivirus.tar.gz'
-    'https://github.com/nextcloud/files_automatedtagging/releases/download/v1.6.0/files_automatedtagging-1.6.0.tar.gz'
+    'https://github.com/nextcloud/files_antivirus/releases/download/v2.1.1/files_antivirus.tar.gz'
+    'https://github.com/nextcloud/files_automatedtagging/releases/download/v1.5.0/files_automatedtagging-1.5.0.tar.gz'
     'https://github.com/nextcloud/files_downloadactivity/releases/download/v1.4.0/files_downloadactivity-1.4.0.tar.gz'
     'https://github.com/nextcloud/files_rightclick/releases/download/v0.13.0/files_rightclick.tar.gz'
-    'https://github.com/paulijar/music/files/2980042/music_0.9.4_nc-signed.tar.gz'
+    'https://github.com/paulijar/music/files/3124325/music_0.9.5_nc-signed.tar.gz'
     'https://github.com/gino0631/nextcloud-metadata/releases/download/v0.9.0/metadata.tar.gz'
-    'https://github.com/pbek/ownbackup/releases/download/18.11.0/ownbackup-nc.tar.gz'
-    'https://github.com/westberliner/owncloud-checksum/releases/download/v0.4.2/checksum.tar.gz'
-    'https://github.com/nextcloud/user_external/releases/download/v0.6.1/user_external-0.6.1.tar.gz'
-    'https://github.com/nextcloud/user_saml/releases/download/v2.2.0/user_saml-2.2.0.tar.gz'
+    'https://github.com/pbek/ownbackup/releases/download/19.5.0/ownbackup-nc.tar.gz'
+    'https://github.com/westberliner/owncloud-checksum/releases/download/v0.4.3/checksum.tar.gz'
+    'https://github.com/nextcloud/user_external/releases/download/v0.6.3/user_external-0.6.3.tar.gz'
+    'https://github.com/nextcloud/user_saml/releases/download/v2.3.1/user_saml-2.3.1.tar.gz'
 )
 
 ##
@@ -176,43 +176,6 @@ MYSQL_DATABASE="nextcloud"
 MYSQL_USER="nextcloud@my-live"
 MYSQL_PASSWORD="MySQLPassword"
 
-################################################################################
-# Redis Cache Settings
-################################################################################
-
-##
-# The resource group in which the Redis cache being used by Nextcloud should
-# be automatically provisioned.
-#
-# This is typically in the same resource group as the storage account.
-#
-REDIS_RESOURCE_GROUP="my-nextcloud-storage"
-
-##
-# The name of the Redis cache to create.
-#
-# For consistency, this is typically named similarly to the storage account,
-# since Azure suffixes this with ".redis.cache.windows.net" to create a
-# hostname.
-#
-REDIS_CACHE_NAME="mynextcloud"
-
-##
-# The type of Azure Redis offering to deploy (Basic, Standard, Premium).
-#
-# See:
-# https://docs.microsoft.com/en-us/cli/azure/redis?view=azure-cli-latest#required-parameters
-#
-REDIS_SKU="Basic"
-
-##
-# The instance size of Azure Redis to deploy (C0-C6, or P1-P4).
-#
-# See:
-# https://docs.microsoft.com/en-us/cli/azure/redis?view=azure-cli-latest#required-parameters
-#
-REDIS_SIZE="C0"
-
 ################################################################################
 # Storage Account Settings
 ################################################################################
@@ -221,14 +184,11 @@ REDIS_SIZE="C0"
 # The resource group in which the storage account being used by Nextcloud should
 # be automatically provisioned.
 #
-# This is typically in the same resource group as the Redis cache.
-#
 STORAGE_RESOURCE_GROUP="my-nextcloud-storage"
 
 ##
 # The name of the storage account resource to create.
 #
-# For consistency, this is typically named similarly to the Redis cache, since
 # Azure suffixes this with ".file.core.windows.net" to create a hostname.
 #
 STORAGE_ACCOUNT_NAME="mynextcloud"
@@ -256,7 +216,8 @@ STORAGE_FILE_SHARES=(
 # Secret Names
 ################################################################################
 # The names of ALL secrets must be unique, and must not overlap with any secrets
-# from any other application running on the Kubernetes cluster.
+# from any other application running in the same namespace on the Kubernetes
+# cluster.
 
 ##
 # The name of the secret within Kubernetes that will be created and referenced
@@ -266,16 +227,10 @@ KUBE_NEXTCLOUD_ADMIN_CREDS_SECRET="nextcloud-storage-admin-creds"
 
 ##
 # The name of the secret within Kubernetes that will be created and referenced
-# for storing the initial admin username and password.
+# for storing the database host name, database name, user name, and password.
 #
 KUBE_NEXTCLOUD_MYSQL_CREDS_SECRET="nextcloud-storage-mysql-creds"
 
-##
-# The name of the secret within Kubernetes that will be created and referenced
-# for accessing the Redis cache.
-#
-KUBE_REDIS_KEY_SECRET="nextcloud-storage-redis-creds"
-
 ##
 # The name of the secret within Kubernetes that will be created and referenced
 # for accessing blob containers on the Nextcloud storage account.
@@ -308,12 +263,12 @@ NEW_RELIC_KEY=""
 ##
 # The URL to the New Relic PHP agent (optional).
 #
-# The default downloads NR PHP agent 8.5.0.235 for PHP 5+. Use the latest shown
+# The default downloads NR PHP agent 8.7.0.242 for PHP 5+. Use the latest shown
 # here: https://download.newrelic.com/php_agent/release/
 #
 # Leave blank if you do not use New Relic monitoring.
 #
-NEW_RELIC_AGENT_URL="https://download.newrelic.com/php_agent/release/newrelic-php5-8.5.0.235-linux.tar.gz"
+NEW_RELIC_AGENT_URL="https://download.newrelic.com/php_agent/release/newrelic-php5-8.7.0.242-linux.tar.gz"
 
 ##
 # The name by which you would like Nextcloud to identify itself in New Relic.

diff --git a/nextcloud-aks/configs/app-clamav.template.yaml b/nextcloud-aks/configs/app-clamav.template.yaml
@@ -3,8 +3,8 @@
 # service, for use by Nextcloud's Antivirus app.
 #
 # With this configuration, Nextcloud can reach ClamAV on port 3310 at hostname
-# "internal-clamav.default.svc.cluster.local" (aka "internal-clamav.default" or
-# "internal-clamav" for short") within the cluster.
+# "internal-clamav.NAMESPACE.svc.cluster.local" (aka "internal-clamav.NAMESPACE"
+# or "internal-clamav" for short") within the cluster.
 #
 # @author Guy Elsmore-Paddock ([email protected])
 # @copyright Copyright (c) 2019, Inveniem

diff --git a/nextcloud-aks/configs/app-nextcloud-apache.template.yaml b/nextcloud-aks/configs/app-nextcloud-apache.template.yaml
@@ -87,14 +87,9 @@ spec:
                   name: "${KUBE_NEXTCLOUD_MYSQL_CREDS_SECRET}"
                   key: password
             - name: REDIS_HOST
-              value: "localhost"
+              value: "internal-redis"
             - name: REDIS_PORT
               value: "6379"
-            - name: REDIS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: key
           readinessProbe:
             httpGet:
               # This path should work both before and after installation.
@@ -118,42 +113,7 @@ spec:
             initialDelaySeconds: 10
             periodSeconds: 10
             timeoutSeconds: 10
-        # Container: Secure Tunnel Middleware
-        - name: middle-stunnel
-          image: "guyelsmorepaddock/stunnel@sha256:1e066a006c75ba487754857fa5b1ed259937e7e7650c108e16ff5ea184c94f0f"
-#          imagePullPolicy: Always
-          resources:
-            requests:
-              cpu: 25m
-              memory: 50Mi
-            limits:
-              cpu: 1000m
-              memory: 128Mi
-          env:
-            - name: REDIS_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: hostname
-            - name: REDIS_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: port
-            - name: STUNNEL_SERVICE
-              value: "redis"
-            - name: STUNNEL_CLIENT
-              value: "yes"
-            - name: STUNNEL_ACCEPT
-              value: "6379"
-            - name: STUNNEL_CONNECT
-              value: "$(REDIS_HOST):$(REDIS_PORT)"
-            - name: STUNNEL_VERIFY_CHAIN
-              value: "yes"
-            - name: STUNNEL_CHECK_HOST
-              value: "$(REDIS_HOST)"
-            - name: STUNNEL_CIPHERS
-              value: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
+            failureThreshold: 12
       imagePullSecrets:
         # NOTE: This secret is added by `setup_aks_acr_service_principal.sh`.
         - name: "${ACR_DOCKER_CREDS_SECRET}"

diff --git a/nextcloud-aks/configs/app-nextcloud-fpm-nginx.template.yaml b/nextcloud-aks/configs/app-nextcloud-fpm-nginx.template.yaml
@@ -85,50 +85,9 @@ spec:
                   name: "${KUBE_NEXTCLOUD_MYSQL_CREDS_SECRET}"
                   key: password
             - name: REDIS_HOST
-              value: "localhost"
+              value: "internal-redis"
             - name: REDIS_PORT
               value: "6379"
-            - name: REDIS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: key
-        # Container: Secure Tunnel Middleware
-        - name: middle-stunnel
-          image: "guyelsmorepaddock/stunnel@sha256:1e066a006c75ba487754857fa5b1ed259937e7e7650c108e16ff5ea184c94f0f"
-#          imagePullPolicy: Always
-          resources:
-            requests:
-              cpu: 25m
-              memory: 50Mi
-            limits:
-              cpu: 1000m
-              memory: 128Mi
-          env:
-            - name: REDIS_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: hostname
-            - name: REDIS_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: "${KUBE_REDIS_KEY_SECRET}"
-                  key: port
-            - name: STUNNEL_SERVICE
-              value: "redis"
-            - name: STUNNEL_CLIENT
-              value: "yes"
-            - name: STUNNEL_ACCEPT
-              value: "6379"
-            - name: STUNNEL_CONNECT
-              value: "$(REDIS_HOST):$(REDIS_PORT)"
-            - name: STUNNEL_VERIFY_CHAIN
-              value: "yes"
-            - name: STUNNEL_CHECK_HOST
-              value: "$(REDIS_HOST)"
-            - name: STUNNEL_CIPHERS
-              value: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
         # Container: Nginx Server Middleware
         - name: middle-nextcloud-nginx
           image: "${REGISTRY_HOST}/inveniem/nextcloud-nginx-middleware:${CONTAINER_VERSION}"
@@ -169,6 +128,7 @@ spec:
             initialDelaySeconds: 10
             periodSeconds: 10
             timeoutSeconds: 10
+            failureThreshold: 12
       imagePullSecrets:
         # NOTE: This secret is added by `setup_aks_acr_service_principal.sh`.
         - name: "${ACR_DOCKER_CREDS_SECRET}"