---
apiVersion: v1
kind: ConfigMap
metadata:
  annotations: {}
  name: owncloud-config
  namespace: storage
data:
  OWNCLOUD_ADMIN_PASSWORD: YYuiwhdyfUOjjoako
  OWNCLOUD_ADMIN_USERNAME: sefu
  OWNCLOUD_DB_HOST: owncloud-mariadb
  OWNCLOUD_DB_NAME: owncloud
  OWNCLOUD_DB_TYPE: mysql
  OWNCLOUD_DOMAIN: localhost:8080
  OWNCLOUD_MYSQL_UTF8MB4: 'true'
  OWNCLOUD_REDIS_ENABLED: 'true'
  OWNCLOUD_REDIS_HOST: owncloud-redis
  OWNCLOUD_TRUSTED_DOMAINS: drive.vandachevici.ro
---
# NOTE: Secret 'owncloud-db-secret' must be created manually:
#   kubectl create secret generic owncloud-db-secret \
#     --from-literal=root-password=<ROOT_PASS> \
#     --from-literal=user=<USER> \
#     --from-literal=password=<PASS> \
#     --from-literal=database=owncloud \
#     -n storage
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations: {}
  name: owncloud-files-v2-pvc
  namespace: storage
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 190Gi
  storageClassName: nfs-owncloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  name: owncloud-server
  namespace: storage
spec:
  replicas: 2
  selector:
    matchLabels:
      app: owncloud-server
  template:
    metadata:
      labels:
        app: owncloud-server
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app: owncloud-server
            topologyKey: kubernetes.io/hostname
      containers:
      - env:
        - name: OWNCLOUD_DB_USERNAME
          valueFrom:
            secretKeyRef:
              key: user
              name: owncloud-db-secret
        - name: OWNCLOUD_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: owncloud-db-secret
        envFrom:
        - configMapRef:
            name: owncloud-config
        image: owncloud/server:10.12
        livenessProbe:
          exec:
            command:
            - /usr/bin/healthcheck
          failureThreshold: 5
          initialDelaySeconds: 120
          periodSeconds: 30
          timeoutSeconds: 10
        name: owncloud
        ports:
        - containerPort: 8080
          name: http
        readinessProbe:
          exec:
            command:
            - /usr/bin/healthcheck
          failureThreshold: 5
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 10
        resources:
          limits:
            cpu: 1000m
            memory: 2Gi
          requests:
            cpu: 200m
            memory: 512Mi
        volumeMounts:
        - mountPath: /mnt/data
          name: owncloud-files
      volumes:
      - name: owncloud-files
        persistentVolumeClaim:
          claimName: owncloud-files-v2-pvc
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  name: owncloud-server
  namespace: storage
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: owncloud-server
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
    nginx.ingress.kubernetes.io/use-forwarded-headers: 'true'
  name: owncloud
  namespace: storage
spec:
  ingressClassName: nginx
  rules:
  - host: drive.vandachevici.ro
    http:
      paths:
      - backend:
          service:
            name: owncloud-server
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - drive.vandachevici.ro
    secretName: owncloud-tls