nextcloud · wrenix · Nov 26, 2025 · Jul 7, 2025 · Jul 7, 2025 · Jul 15, 2025
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -95,6 +95,14 @@ jobs:
             helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml"
             test: true
 
+          # test the helm chart with extra manifests
+          - name: Extra Manifests Enabled
+            helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/extra-manifests.yaml"
+            test: true
+          - name: Extra Manifests using a map Enabled
+            helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/extra-manifests-map.yaml"
+            test: true
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6

diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 8.5.10
+version: 8.6.0
 # renovate: image=docker.io/library/nextcloud
 appVersion: 32.0.2
 description: A file sharing server that puts the control and security of your own data back into your hands.

diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md
@@ -11,47 +11,51 @@ helm install my-release nextcloud/nextcloud
 
 ## Quick Links
 
-* [Introduction](#introduction)
-* [Prerequisites](#prerequisites)
-* [Installing the Chart](#installing-the-chart)
-* [Uninstalling the Chart](#uninstalling-the-chart)
-* [Upgrade / Breaking Changes](#upgrade--breaking-changes)
-* [Configuration](#configuration)
-    * [Ingress](#ingress)
-        * [Ingress Sticky-Sessions](#ingress-sticky-sessions)
-            * [NGINX Ingress-Controller](#nginx-ingress-controller)
-            * [Traefik Ingress-Controller](#traefik-ingress-controller)
-            * [HAProxy Ingress-Controller (Community-Version)](#haproxy-ingress-controller-community-version)
-    * [Database Configurations](#database-configurations)
-    * [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
-    * [Persistence Configurations](#persistence-configurations)
-    * [Metrics Configurations](#metrics-configurations)
-    * [Headers set on NGINX](#headers-set-on-nginx)
-    * [Probes Configurations](#probes-configurations)
-    * [Collabora Configuration](#collabora-configuration)
-    * [Imaginary](#imaginary)
-* [Cron jobs](#cron-jobs)
-* [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
-* [Multiple config.php file](#multiple-configphp-file)
-* [Using nginx](#using-nginx)
-    * [Service discovery with nginx and ingress](#service-discovery-with-nginx-and-ingress)
-* [Preserving Source IP](#preserving-source-ip)
-* [Hugepages](#hugepages)
-* [HPA (Clustering)](#hpa-clustering)
-* [Adjusting PHP ini values](#adjusting-php-ini-values)
-* [Running `occ` commands](#running-occ-commands)
-    * [Putting Nextcloud into maintanence mode](#putting-nextcloud-into-maintanence-mode)
-    * [Downloading models for recognize](#downloading-models-for-recognize)
-* [Backups](#backups)
-* [Upgrades](#upgrades)
-* [Troubleshooting](#troubleshooting)
-    * [Logging](#logging)
-        * [Changing the logging behavior](#changing-the-logging-behavior)
-        * [Viewing the logs](#viewing-the-logs)
-            * [Exec into the kubernetes pod:](#exec-into-the-kubernetes-pod)
-            * [Then look for the `nextcloud.log` file with tail or cat:](#then-look-for-the-nextcloudlog-file-with-tail-or-cat)
-            * [Copy the log file to your local machine:](#copy-the-log-file-to-your-local-machine)
-        * [Sharing the logs](#sharing-the-logs)
+- [Nextcloud Helm Chart](#nextcloud-helm-chart)
+  - [TL;DR;](#tldr)
+  - [Quick Links](#quick-links)
+  - [Introduction](#introduction)
+  - [Prerequisites](#prerequisites)
+  - [Installing the Chart](#installing-the-chart)
+  - [Uninstalling the Chart](#uninstalling-the-chart)
+  - [Upgrade / Breaking Changes](#upgrade--breaking-changes)
+  - [Configuration](#configuration)
+    - [Ingress](#ingress)
+      - [Ingress Sticky-Sessions](#ingress-sticky-sessions)
+        - [NGINX Ingress-Controller](#nginx-ingress-controller)
+        - [Traefik Ingress-Controller](#traefik-ingress-controller)
+        - [HAProxy Ingress-Controller (Community-Version)](#haproxy-ingress-controller-community-version)
+    - [Database Configurations](#database-configurations)
+    - [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
+    - [Persistence Configurations](#persistence-configurations)
+    - [Metrics Configurations](#metrics-configurations)
+    - [Headers set on NGINX](#headers-set-on-nginx)
+    - [Probes Configurations](#probes-configurations)
+    - [Collabora Configuration](#collabora-configuration)
+    - [Imaginary](#imaginary)
+  - [Cron jobs](#cron-jobs)
+  - [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
+  - [Multiple config.php file](#multiple-configphp-file)
+  - [Using nginx](#using-nginx)
+    - [Service discovery with nginx and ingress](#service-discovery-with-nginx-and-ingress)
+  - [Preserving Source IP](#preserving-source-ip)
+  - [Hugepages](#hugepages)
+  - [HPA (Clustering)](#hpa-clustering)
+  - [Adjusting PHP ini values](#adjusting-php-ini-values)
+  - [Running `occ` commands](#running-occ-commands)
+    - [Putting Nextcloud into maintanence mode](#putting-nextcloud-into-maintanence-mode)
+    - [Downloading models for recognize](#downloading-models-for-recognize)
+  - [Injecting Additional Manifests (`extraManifests`)](#injecting-additional-manifests-extramanifests)
+- [Backups](#backups)
+- [Upgrades](#upgrades)
+- [Troubleshooting](#troubleshooting)
+  - [Logging](#logging)
+    - [Changing the logging behavior](#changing-the-logging-behavior)
+    - [Viewing the logs](#viewing-the-logs)
+      - [Exec into the kubernetes pod:](#exec-into-the-kubernetes-pod)
+      - [Then look for the `nextcloud.log` file with tail or cat:](#then-look-for-the-nextcloudlog-file-with-tail-or-cat)
+      - [Copy the log file to your local machine:](#copy-the-log-file-to-your-local-machine)
+    - [Sharing the logs](#sharing-the-logs)
 
 ## Introduction
 
@@ -249,6 +253,7 @@ The following table lists the configurable parameters of the nextcloud chart and
 | `podAnnotations`                                            | Annotations to be added at 'pod' level                                                              | not set                                                      |
 | `dnsConfig`                                                 | Custom dnsConfig for nextcloud containers                                                           | `{}`                                                         |
 | `topologySpreadConstraints`                                 | TopologySpreadConstraints for nextcloud pod and cronjob pod                                         | `{}`                                                         |
+| `extraManifests`                                            | Map or List of additional Kubernetes manifests to render with the release. If a List is provided, each item can be either a YAML string (multi-line block) or a YAML object. Useful for custom resources like Traefik IngressRoutes, Middlewares, etc. | `[]`                       |
 
 ### Ingress
 #### Ingress Sticky-Sessions
@@ -801,6 +806,53 @@ kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ maintenance:mo
 kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ recognize:download-models"
 ```
 
+## Injecting Additional Manifests (`extraManifests`)
+
+You can inject additional Kubernetes manifests (such as Traefik IngressRoutes, Middlewares, or any custom resources) directly via `values.yaml` using the `extraManifests` value.
+
+`extraManifests` is either:
+- a map of manifest names to their YAML definitions
+- a list of YAML definitions, where each itemin the list can be either:
+  - a string containing valid YAML (multi-line block, e.g. with `|`), or
+  - a YAML object (inline YAML structure).
+
+These manifests will be rendered as part of the Helm release.
+
+**Example usage in `values.yaml`:**
+
+```yaml
+extraManifests:
+  - |
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware
+    metadata:
+      name: my-middleware
+    spec:
+      ...
+  - apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: my-ingressroute
+    spec:
+      ...
+# Or as a map:
+extraManifests:
+  my-middleware:
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware
+    metadata:
+      name: my-middleware
+    spec:
+      ...
+  my-ingressroute:
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: my-ingressroute
+    spec:
+      ...
+```
+
 # Backups
 Check out the [official Nextcloud backup docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html). For your files, if you're using persistent volumes, and you'd like to back up to s3 backed storage (such as minio), consider using [k8up](https://github.com/k8up-io/k8up) or [velero](https://github.com/vmware-tanzu/velero).
 

diff --git a/charts/nextcloud/templates/extra-manifests.yaml b/charts/nextcloud/templates/extra-manifests.yaml
@@ -0,0 +1,14 @@
+{{- /*
+  Renders extra manifests provided by the user in values.yaml under extraManifests.
+  extraManifests can be a map (keyed by manifest name) or a list of manifests.
+  If a map, each key is the name of the manifest.
+  If an array, each item is a manifest, which can be a string (YAML block) or a YAML object.
+*/ -}}
+{{- range $manifest := .Values.extraManifests }}
+---
+{{- if kindIs "string" $manifest }}
+{{ tpl $manifest $ }}
+{{- else }}
+{{ tpl (toYaml $manifest) $ }}
+{{- end }}
+{{- end }}
diff --git a/charts/nextcloud/test-values/extra-manifests-map.yaml b/charts/nextcloud/test-values/extra-manifests-map.yaml
@@ -0,0 +1,25 @@
+fullnameOverride: nextcloud
+
+nextcloud:
+  host: nextcloud
+  trustedDomains:
+    - 'nextcloud.nextcloud.svc.cluster.local'
+    - 'nextcloud'
+
+extraManifests:
+  my-config-map: |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: custom-config
+      labels:
+        {{- include "nextcloud.labels"  ( dict "component" "app"  "rootContext" $ ) | nindent 4 }}
+    data:
+      customKey: customValue
+  my-secret:
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: '{{ template "nextcloud.fullname" . }}-custom-secret'
+    data:
+      secretKey: c2VjcmV0VmFsdWU=
diff --git a/charts/nextcloud/test-values/extra-manifests.yaml b/charts/nextcloud/test-values/extra-manifests.yaml
@@ -0,0 +1,24 @@
+fullnameOverride: nextcloud
+
+nextcloud:
+  host: nextcloud
+  trustedDomains:
+    - 'nextcloud.nextcloud.svc.cluster.local'
+    - 'nextcloud'
+
+extraManifests:
+  - |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: custom-config
+      labels:
+        {{- include "nextcloud.labels"  ( dict "component" "app"  "rootContext" $ ) | nindent 4 }}
+    data:
+      customKey: customValue
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: '{{ template "nextcloud.fullname" . }}-custom-secret'
+    data:
+      secretKey: c2VjcmV0VmFsdWU=
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
@@ -1035,3 +1035,41 @@ rbac:
 
 ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
 securityContext: {}
+
+# -- Allows users to inject additional Kubernetes manifests (YAML) to be rendered with the release.
+# Could either be a list or a map
+# If a map, each key is the name of the manifest.
+# If an array, each item is a manifest, which can be a string (YAML block) or a YAML object.
+# Each item should be a string containing valid YAML. Example:
+# extraManifests:
+#   - |
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: Middleware
+#     metadata:
+#       name: my-middleware
+#     spec:
+#       ...
+#   - |
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: IngressRoute
+#     metadata:
+#       name: my-ingressroute
+#     spec:
+#       ...
+# Or as a map:
+# extraManifests:
+#   my-middleware:
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: Middleware
+#     metadata:
+#       name: my-middleware
+#     spec:
+#       ...
+#   my-ingressroute:
+#     apiVersion: traefik.containo.us/v1alpha1
+#     kind: IngressRoute
+#     metadata:
+#       name: my-ingressroute
+#     spec:
+#       ...
+extraManifests: []