Merge remote-tracking branch 'origin/main'

# Conflicts:
#	charts/nextcloud/Chart.lock
#	charts/nextcloud/Chart.yaml

Author: MichaelSp

.github/tests/test_job.yaml

@@ -0,0 +1,63 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-nextcloud
+  namespace: nextcloud
+spec:
+  template:
+    metadata:
+      name: test-nextcloud
+    spec:
+      initContainers:
+        - name: 05-create-nextcloud-file
+          image: curlimages/curl
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -e
+              echo "download image:"
+              curl -s "https://upload.wikimedia.org/wikipedia/commons/d/df/Open_data.png" -o test_upload.png
+              echo "upload to nextcloud:"
+              curl \
+                -s \
+                -w "%{http_code}" \
+                -u admin:changeme \
+                -T test_upload.png \
+              "http://nextcloud.nextcloud.svc.cluster.local:8080/remote.php/dav/files/admin/test_upload.png" || exit 1;
+              echo "done"
+        - name: 10-generate-preview
+          image: docker.io/library/nextcloud:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -e
+              echo "fetch preview:"
+              OUTPUT=$(curl \
+                -s \
+                -w "%{http_code}" \
+                -u admin:changeme \
+              "http://nextcloud.nextcloud.svc.cluster.local:8080/index.php/core/preview.png?file=test_upload.png&x=128&y=128&mimeFallback=true&a=0" \
+                -o - | file -)
+              echo "${OUTPUT}";
+              if ! echo "${OUTPUT}" | grep -q "PNG"; then
+                echo "PNG was not detected"
+                exit 1;
+              fi
+              if ! echo "${OUTPUT}" | grep -q "256 x 256"; then
+                echo "Image size is incorrect"
+                exit 1;
+              fi
+              echo "done"
+      containers:
+        - name: final
+          image: curlimages/curl
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -e
+              echo "All tests run successfull (initContainer in given order)"
+      restartPolicy: Never

.github/tests/test_upload_job.yaml

@@ -39,6 +39,7 @@ jobs:
       - name: Add dependency chart repos
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add collabora-online https://collaboraonline.github.io/online
 
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.6.1
@@ -87,6 +88,12 @@ jobs:
             # we need to skip the clean up so we can test adding a file
             helm_args: |
                 --namespace nextcloud --skip-clean-up --helm-extra-set-args "--values charts/nextcloud/test-values/s3-as-primary-storage.yaml"
+            test: true
+
+          # test the helm chart with imaginary
+          - name: Imaginary Enabled
+            helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml"
+            test: true
 
     steps:
       - name: Checkout
@@ -102,6 +109,7 @@ jobs:
       - name: Add dependency chart repos
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add collabora-online https://collaboraonline.github.io/online
 
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.6.1
@@ -138,18 +146,20 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
         run: ct install --target-branch ${{ github.event.repository.default_branch }} ${{ matrix.test_cases.helm_args }}
 
-      - name: Try adding a file to Nextcloud
-        if: matrix.test_cases.name == 'S3 Enabled as Primary Storage'
+      - name: Run test for Nextcloud
+        if: matrix.test_cases.test
         # applies a kubernetes job that uploads a file and then checks log of finished pod
         run: |
+            EXIT=0
             kubectl config set-context --current --namespace=nextcloud && \
-            kubectl apply -f ./.github/tests/test_upload_job.yaml --wait=true && \
+            kubectl apply -f ./.github/tests/test_job.yaml --wait=true && \
             sleep 2 && \
-            kubectl wait --for=condition=Complete --timeout=2m job/create-nextcloud-file && \
-            echo "Here's the logs from the job:" && \
-            kubectl logs --tail=-1 -f -l batch.kubernetes.io/job-name=create-nextcloud-file && \
-            echo "Here's the logs from the nextcloud pod:" && \
-            kubectl logs -l app.kubernetes.io/name=nextcloud
+            kubectl wait --for=condition=Complete --timeout=2m job/test-nextcloud || EXIT=1
+            echo "Here's the logs from the job:"
+            kubectl logs --ignore-errors --prefix --tail=-1 --all-containers=true -l batch.kubernetes.io/job-name=test-nextcloud
+            echo "Here's the logs from the nextcloud pod:"
+            kubectl logs --ignore-errors --prefix -l app.kubernetes.io/name=nextcloud
+            exit $EXIT
 
   summary:
     runs-on: ubuntu-latest

.github/workflows/lint-test.yaml

@@ -35,6 +35,7 @@ jobs:
       - name: Add dependency chart repos
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add collabora https://collaboraonline.github.io/online/
 
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.6.0

.github/workflows/release.yaml

@@ -8,5 +8,8 @@ dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 20.4.0
-digest: sha256:2be1a22db588149dc967301cdcbb074ccdd3c1124128d4edc82a39dd03e92c03
-generated: "2024-12-09T12:08:04.90799833Z"
+- name: collabora-online
+  repository: https://collaboraonline.github.io/online
+  version: 1.1.20
+digest: sha256:97c4fa6bb7fac4ee45dc08f5dff094280e79fefb3cf222cb6e198cf5efe9a2ba
+generated: "2024-12-23T15:45:30.659899+01:00"

charts/nextcloud/Chart.lock

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: nextcloud
-version: 6.3.0-build.2
-appVersion: 30.0.2
+version: 6.5.1
+appVersion: 30.0.4
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:
 - nextcloud
@@ -34,3 +34,8 @@ dependencies:
   version: 20.4.0
   repository: oci://registry-1.docker.io/bitnamicharts
   condition: redis.enabled
+- name: collabora-online
+  version: 1.1.20
+  repository: https://collaboraonline.github.io/online
+  condition: collabora.enabled
+  alias: collabora

charts/nextcloud/Chart.yaml

@@ -16,13 +16,19 @@ helm install my-release nextcloud/nextcloud
 * [Installing the Chart](#installing-the-chart)
 * [Uninstalling the Chart](#uninstalling-the-chart)
 * [Configuration](#configuration)
-    * [Ingress-Controller](#ingress)
+    * [Ingress](#ingress)
+        * [Ingress Sticky-Sessions](#ingress-sticky-sessions)
+            * [NGINX Ingress-Controller](#nginx-ingress-controller)
+            * [Traefik Ingress-Controller](#traefik-ingress-controller)
+            * [HAProxy Ingress-Controller (Community-Version)](#haproxy-ingress-controller-community-version)
     * [Database Configurations](#database-configurations)
     * [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
     * [Persistence Configurations](#persistence-configurations)
     * [Metrics Configurations](#metrics-configurations)
-    * [Headers set on nginx](#headers-set-on-nginx)
+    * [Headers set on NGINX](#headers-set-on-nginx)
     * [Probes Configurations](#probes-configurations)
+    * [Collabora Configuration](#collabora-configuration)
+    * [Imaginary](#imaginary)
 * [Cron jobs](#cron-jobs)
 * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
 * [Multiple config.php file](#multiple-configphp-file)
@@ -494,6 +500,73 @@ The nextcloud deployment includes a series of different probes you can use to de
 > [!Note]
 > If you are getting errors on initialization (such as `Fatal error: require_once(): Failed opening required '/var/www/html/lib/versioncheck.php'`, but you can get other errors as well), a good first step is to try and enable the startupProbe and/or increase the `initialDelaySeconds` for the `livenessProbe` and `readinessProbe` to something much greater (consider using `120` seconds instead of `10`. This is an especially good idea if your cluster is running on older hardware, has a slow internet connection, or you're using a slower storage class, such as NFS that's running with older disks or a slow connection.
 
+### Collabora Configuration
+
+This section provides options to enable and configure the Collabora Online server within your deployment. Please ensure to review the [Collabora Online Helm chart documentation](https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online) for additional details and recommended values.
+
+| Parameter                              | Description                                                                                        | Default                                                                                             |
+|----------------------------------------|----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| `collabora.enabled`                    | Enable or disable the Collabora Online integration                                                 | `false`                                                                                             |
+| `collabora.autoscaling.enabled`        | Enable or disable autoscaling for the Collabora Online pods                                        | `false`                                                                                             |
+| `collabora.collabora.aliasgroups`      | List of HTTPS nextcloud domains if Collabora is behind a reverse proxy                             | `[]`                                                                                                |
+| `collabora.collabora.extra_params`     | Additional parameters for the Collabora Online service                                             | `"--o:ssl.enabled=false"`                                                                           |
+| `collabora.collabora.server_name`      | Specify the server name when the hostname is not directly reachable (e.g., behind a reverse proxy) | `null`                                                                                              |
+| `collabora.existingSecret.enabled`     | Enable using existing secret for admin login credentials                                           | `false`                                                                                             |
+| `collabora.existingSecret.secretName`  | Name of the existing secret containing admin login credentials                                     | `""`                                                                                                |
+| `collabora.existingSecret.usernameKey` | Key in the secret for the admin username                                                           | `"username"`                                                                                        |
+| `collabora.existingSecret.passwordKey` | Key in the secret for the admin password                                                           | `"password"`                                                                                        |
+| `collabora.collabora.username`         | Admin username for Collabora Online                                                                | `admin`                                                                                             |
+| `collabora.collabora.password`         | Admin password for Collabora Online                                                                | `examplepass`                                                                                       |
+| `collabora.ingress.enabled`            | Enable or disable ingress for Collabora Online                                                     | `false`                                                                                             |
+| `collabora.ingress.className`          | Class name for the ingress controller                                                              | `""`                                                                                                |
+| `collabora.ingress.annotations`        | Annotations for the ingress resource                                                               | `{}`                                                                                                |
+| `collabora.ingress.hosts`              | List of hosts for the Collabora ingress                                                            | `[{"host": "chart-example.local", "paths": [{"path": "/", "pathType": "ImplementationSpecific"}]}]` |
+| `collabora.ingress.tls`                | TLS configuration for the Collabora ingress                                                        | `[]`                                                                                                |
+| `collabora.resources`                  | Resource requests and limits for the Collabora Online pods                                         | `{}`                                                                                                |
+> **Note**:
+>
+> You may need to uncomment `collabora.collabora.aliasgroups` and `collabora.collabora.extra_params`, depending on your setup. You may also need to set `collabora.collabora.server_name`. If left empty, it's derived from the request, so please set it if it doesn't work.
+>
+> If you have both Nextcloud and Collabora behind a reverse proxy with HTTPS, `collabora.collabora.aliasgroups` should match your Nextcloud domain and `collabora.collabora.server_name` (if needed) should match your Collabora domain.
+>
+> For more information, please check the [Collabora documentation](https://sdk.collaboraonline.com/docs/installation/index.html).
+
+### Imaginary
+
+We include an optional external preview provider from [h2non/imaginary](https://github.com/h2non/imaginary).
+
+| Parameter                              | Description                                                                             | Default           |
+|----------------------------------------|-----------------------------------------------------------------------------------------|-------------------|
+| `imaginary.enabled`                    | Start Imaginary                                                                         | `false`           |
+| `imaginary.replicaCount`               | Number of imaginary pod replicas to deploy                                              | `1`               |
+| `imaginary.image.registry`             | Imaginary image name                                                                    | `docker.io`       |
+| `imaginary.image.repository`           | Imaginary image name                                                                    | `h2non/imaginary` |
+| `imaginary.image.tag`                  | Imaginary image tag                                                                     | `1.2.4`           |
+| `imaginary.image.pullPolicy`           | Imaginary image pull policy                                                             | `IfNotPresent`    |
+| `imaginary.image.pullSecrets`          | Imaginary image pull secrets                                                            | `nil`             |
+| `imaginary.podAnnotations`             | Additional annotations for imaginary                                                    | `{}`              |
+| `imaginary.podLabels`                  | Additional labels for imaginary                                                         | `{}`              |
+| `imaginary.resources`                  | imaginary resources                                                                     | `{}`              |
+| `imaginary.securityContext`            | Optional security context for the Imaginary container                                   | `nil`             |
+| `imaginary.podSecurityContext`         | Optional security context for the Imaginary pod (applies to all containers in the pod)  | `nil`             |
+| `imaginary.service.type`               | Imaginary: Kubernetes Service type                                                      | `ClusterIP`       |
+| `imaginary.service.loadBalancerIP`     | Imaginary: LoadBalancerIp for service type LoadBalancer                                 | `nil`             |
+| `imaginary.service.nodePort`           | Imaginary: NodePort for service type NodePort                                           | `nil`             |
+| `imaginary.service.annotations`        | Additional annotations for service imaginary                                            | `{}`              |
+| `imaginary.service.labels`             | Additional labels for service imaginary                                                 | `{}`              |
+
+
+> [!Note]
+> You also need to setup nextcloud, to use imaginary
+```yaml
+nextcloud:
+  defaultConfigs:
+    imaginary.config.php: true
+
+imaginary:
+  enabled: true
+```
+
 ## Cron jobs
 
 To execute [background tasks](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html) by using system cron instead of default Ajax cron, set `cronjob.enabled` parameter to `true`. Background jobs are important for tasks that do not necessarily need user intervention, but still need to be executed frequently (cleaning up, sending some notifications, pulling RSS feeds, etc.).

charts/nextcloud/README.md

@@ -1,15 +1,15 @@
 <?php
 $CONFIG = array (
-  "apps_paths" => array (
+  'apps_paths' => array (
       0 => array (
-              "path"     => OC::$SERVERROOT."/apps",
-              "url"      => "/apps",
-              "writable" => false,
+              'path'     => OC::$SERVERROOT.'/apps',
+              'url'      => '/apps',
+              'writable' => false,
       ),
       1 => array (
-              "path"     => OC::$SERVERROOT."/custom_apps",
-              "url"      => "/custom_apps",
-              "writable" => true,
+              'path'     => OC::$SERVERROOT.'/custom_apps',
+              'url'      => '/custom_apps',
+              'writable' => true,
       ),
   ),
 );

charts/nextcloud/files/defaultConfigs/apps.config.php.tpl

@@ -0,0 +1,23 @@
+<?php
+$CONFIG = array (
+  'preview_imaginary_url' => 'http://{{ template "nextcloud.fullname" . }}-imaginary',
+  'enable_previews' => true,
+  'enabledPreviewProviders' => array (
+    'OC\Preview\Imaginary',
+    'OC\Preview\ImaginaryPDF',
+    /*
+      defaults:
+      https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders
+    */
+    'OC\Preview\BMP',
+    // 'OC\Preview\GIF',
+    // 'OC\Preview\JPEG',
+    'OC\Preview\Krita',
+    'OC\Preview\MarkDown',
+    'OC\Preview\MP3',
+    'OC\Preview\OpenDocument',
+    // 'OC\Preview\PNG',
+    'OC\Preview\TXT',
+    'OC\Preview\XBitmap',
+  ),
+);

charts/nextcloud/files/defaultConfigs/imaginary.config.php.tpl

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}