Back in 2018 I published my article Nextcloud-Docker on Kubernetes-cluster + SSL certificates. Since then, some things have changed and become easier. Hence, let’s wrap it up in a simpler 2021 version!
Changes
- Ubuntu 20.04 LTS
- Install Microk8s via Snap, instead of native Kubernetes.io sources
What is excluded
Helm. Why? I’m a big fan of Helm and I’m using it for some orchestrations as well. However, especially for Nextcloud:
- I prefer orchestrating everything on my own
- Since publishing my initial Nextcloud article, some serious things have changed in Helm. The initial article is still valid and compatible with today’s packages.
Let’s jump in!
Download and set up Ubuntu 20.04 LTS. I won’t cover any further steps here since there is a lot of information out there.
Setting up Docker & Kubernetes (Microk8s) on Ubuntu
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install docker.io
$ sudo systemctl enable docker
$ sudo snap install microk8s --classic
Pretty easy, isn’t it? 🙂
Setting up Nextcloud on Microk8s
Extra hint: use the following in an extra terminal to be able to see what the Kubernetes cluster is doing:
$ watch -n 10 kubectl get deployment,svc,pods,pvc,pv,ing
Deployment + Service: MariaDB
As a user (not root), create a folder nc-deployment, download the pre-defined MariaDB descriptions from my GitHub, adjust them to your needs and deploy:
$ mkdir nc-deployment
$ cd nc-deployment
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/db-deployment.yaml
$ nano db-deployment.yaml
--> change MYSQL_PASSWORD here
--> change MYSQL_ROOT_PASSWORD here
--> change db's HostPath here, which should be the absolute location of 'nc-deployment'/db-pv (eg /home/andremotz/nc-deployment/db-pv)
$ kubectl create -f db-deployment.yaml
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/db-svc.yaml
$ kubectl create -f db-svc.yaml
Deployment + Service: Nextcloud
Next, download Nextcloud-descriptions, adjust them and deploy:
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nc-deployment.yaml
$ nano nc-deployment.yaml
--> change NEXTCLOUD_URL
--> change NEXTCLOUD_ADMIN_PASSWORD
--> change MYSQL_PASSWORD (the value you've entered before)
--> change html's hostPath (eg. to /home/andremotz/nc-deployment/nc-pv)
$ kubectl create -f nc-deployment.yaml
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nc-svc.yaml
$ kubectl create -f nc-svc.yaml
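The MariaDB and Nextcloud manifests are edited to contain the database and admin passwords, so the files in nc-deployment hold those credentials in plain text. As an added example (not part of the original article or its repository), this check flags credential-like env entries that are set inline rather than read from a Kubernetes Secret; the sample manifest and the Secret name nc-db-credentials are constructed for illustration.

```sh
# Added example: flag credentials that a manifest sets as literal env values
# instead of referencing a Secret.

inline_credentials() {
    # Prints file:line for every env entry whose name looks like a credential
    # and is followed by an inline "value:"; returns 1 if anything was found.
    awk '
        /^[ \t]*-[ \t]*name:/ {              # remember the current env name
            name = $0
            sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
            gsub(/[" \t]/, "", name)
            next
        }
        /^[ \t]*valueFrom:/ { name = "" }    # reference to a Secret/ConfigMap
        /^[ \t]*value:/ && name ~ /PASSWORD|SECRET|TOKEN/ {
            print FILENAME ":" FNR ": " name " has an inline value"
            found = 1
            name = ""
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input, shaped like the env section the article edits.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    spec:
      containers:
      - name: db
        image: mariadb
        env:
        - name: MYSQL_DATABASE
          value: nextcloud
        - name: MYSQL_PASSWORD
          value: constructed-example-password
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nc-db-credentials
              key: root-password
EOF

inline_credentials "$sample" || echo "move the flagged values into a Secret"
rm -f "$sample"
```

A flagged entry can be replaced by a `valueFrom.secretKeyRef` pointing at a Secret created with `kubectl create secret generic`, which keeps the password out of the manifest file.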
Create self-signed certificates
The OMGWTFSSL-Docker image offers easy-to-use certificate-creation. Here we are using only a Pod, not a Deployment. Once the certificates are created, the Pod will stop.
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/omgwtfssl-pod.yaml
$ nano omgwtfssl-pod.yaml
--> change SSL_SUBJECT to your server's name
--> change CA_SUBJECT to your mail address
--> change SSL_KEY to a proper filename
--> change SSL_CSR to a proper filename
--> change SSL_CERT to a proper filename
--> change cert's hostPath (eg. to /home/andremotz/nc-deployment/certs-pv)
$ kubectl create -f omgwtfssl-pod.yaml
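Once the certificate Pod has stopped, the files in certs-pv can be checked before nginx is pointed at them. This added example (not from the original article) verifies that the private key is not readable by group or others, that certificate and key belong together, that the certificate covers the server name given as SSL_SUBJECT and that it is not about to expire; the demo pair for cloud.example.test is constructed, and GNU stat and the openssl CLI are assumed.

```sh
# Added example: checks on the certificate/key pair written to certs-pv.
check_tls_pair() {
    cert=$1 key=$2 host=$3 rc=0

    # The key sits on a hostPath; it must not be readable by group or others.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        ?00) ;;
        *) echo "FAIL key mode is $mode, group/other access must be removed"; rc=1 ;;
    esac

    # Certificate and key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL certificate and key do not match"; rc=1; }

    # The server name (SSL_SUBJECT) must be covered by the certificate.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "FAIL certificate does not cover $host"; rc=1; }

    # -checkend takes seconds: fail if the certificate expires within a day.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "FAIL certificate expires within 24 hours"; rc=1; }

    return $rc
}

# Constructed demo input: a throwaway self-signed pair for cloud.example.test.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=cloud.example.test" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" 2>/dev/null
chmod 600 "$demo/key.pem"

check_tls_pair "$demo/cert.pem" "$demo/key.pem" cloud.example.test && echo "pair OK"
```

Against the real files, pass the SSL_CERT and SSL_KEY filenames inside the certs-pv directory and the SSL_SUBJECT name as the three arguments.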
Deployment + Service: Nginx reverse Proxy
One could already easily adjust the Nextcloud service to publish it over plain HTTP. However, we want an Nginx instance in front of our Nextcloud to be able to use HTTPS encryption. For the proxy we are using a Pod rather than a Deployment, to be able to make use of the standard HTTP/HTTPS ports 80 and 443.
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/nginx.conf
$ nano nginx.conf
--> change server_name (two locations in the file!) to the server name you've provided before for SSL_SUBJECT
--> change ssl_certificate to the filename you've provided before for SSL_CERT
--> change ssl_certificate_key to the filename you've provided before for SSL_KEY
$ wget https://raw.githubusercontent.com/andremotz/nextcloud-kubernetes/master/kubernetes-yaml/proxy-pod.yaml
$ nano proxy-pod.yaml
--> change cert's hostPath to the location you have provided before
--> change nginx-config's hostPath to the location where you've stored nginx.conf before (eg. /home/andremotz/nc-deployment/nginx.conf)
--> change nginx-logs' hostPath to a proper location
$ kubectl create -f proxy-pod.yaml
Now you should be able to point your browser to https://<yourserver> and see a new Nextcloud-instance, running on a super-hyper nextlevel-Kubernetes cluster, that you could use for further cool stuff 😉
Final hint:
Disable swap permanently: comment out the swap entry in /etc/fstab like this:
#/swap.img none swap sw 0 0
That’s it!! 😉
Hi,
I saw your project NextCloud on K8S on GitHub (https://github.com/andremotz/nextcloud-kubernetes) and I found your site with this updated article. I was wondering if you had some sources about this subject. Other question, do you know any project about NextCloud on K8S without Docker?
For your information, I am a trainee in Cybersecurity by Lydra (lydra.fr) and at IT Akademy (Villeurbanne, France).
Thanks a lot for your answer.
Sincerely,
Hi Jean,
for my article I was using numerous sources, DuckDuckGo-searches, boards, K8s books but did not keep track of them. So far I have no experience on K8s without Docker. Do you have some good links for that topic?
Best,
André