if I can avoid reinstalling a running app, I would like it.
Code:
root@nas02[~]# midclt call chart.release.query '[["id", "=", "nextcloud"]]' | jq -M '.[].config'
{
"TZ": "Europe/Vienna",
"addons": {
"codeserver": {
"enabled": false
},
"vpn": {
"type": "disabled"
}
},
"advancedSecurity": false,
"collabora": {
"enabled": false,
"env": {
"DONT_GEN_SSL_CERT": true,
"aliasgroup1": {
"configMapRef": {
"key": "aliasgroup1",
"name": "nextcloudconfig"
}
},
"dictionaries": "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru",
"extra_params": "--o:welcome.enable=false --o:logging.level=information --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false ",
"server_name": ""
}
},
"configmap": {
"nginx": {
"data": {
"nginx.conf": "worker_processes auto;\n\nerror_log /var/log/nginx/error.log warn;\npid /var/run/nginx.pid;\n\n\nevents {\n worker_connections 1024;\n}\n\n\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n\n log_format main '$remote_addr - $remote_user [$time_local] \"$request\" '\n '$status $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n access_log /var/log/nginx/access.log main;\n\n sendfile on;\n #tcp_nopush on;\n\n # Prevent nginx HTTP Server Detection\n server_tokens off;\n\n keepalive_timeout 65;\n\n #gzip on;\n\n upstream php-handler {\n server 127.0.0.1:9000;\n }\n\n server {\n listen 8080;\n absolute_redirect off;\n\n # Forward Notify_Push \"High Performance Backend\" to it's own container\n location ^~ /push/ {\n proxy_pass http://127.0.0.1:7867/;\n proxy_http_version 1.1;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"Upgrade\";\n proxy_set_header Host $host;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n\n # HSTS settings\n # WARNING: Only add the preload option once you read about\n # the consequences in https://hstspreload.org/. This option\n # will add the domain to a hardcoded list that is shipped\n # in all major browsers and getting removed from this list\n # could take several months.\n #add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload;\" always;\n\n # set max upload size\n client_max_body_size {{ .Values.env.PHP_UPLOAD_LIMIT | default \"512M\" }};\n fastcgi_buffers 64 4K;\n\n # Enable gzip but do not remove ETag headers\n gzip on;\n gzip_vary on;\n gzip_comp_level 4;\n gzip_min_length 256;\n gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;\n gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;\n\n # Pagespeed is not supported by Nextcloud, so if your server is built\n # with the `ngx_pagespeed` module, uncomment this line to disable it.\n #pagespeed off;\n\n # HTTP response headers borrowed from Nextcloud `.htaccess`\n add_header Referrer-Policy \"no-referrer\" always;\n add_header X-Content-Type-Options \"nosniff\" always;\n add_header X-Download-Options \"noopen\" always;\n add_header X-Frame-Options \"SAMEORIGIN\" always;\n add_header X-Permitted-Cross-Domain-Policies \"none\" always;\n add_header X-Robots-Tag \"none\" always;\n add_header X-XSS-Protection \"1; mode=block\" always;\n\n # Remove X-Powered-By, which is an information leak\n fastcgi_hide_header X-Powered-By;\n\n # Path to the root of your installation\n root /var/www/html;\n\n # Specify how to handle directories -- specifying `/index.php$request_uri`\n # here as the fallback means that Nginx always exhibits the desired behaviour\n # when a client requests a path that corresponds to a directory that exists\n # on the server. In particular, if that directory contains an index.php file,\n # that file is correctly served; if it doesn't, then the request is passed to\n # the front-end controller. This consistent behaviour means that we don't need\n # to specify custom rules for certain paths (e.g. images and other assets,\n # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus\n # `try_files $uri $uri/ /index.php$request_uri`\n # always provides the desired behaviour.\n index index.php index.html /index.php$request_uri;\n\n # Rule borrowed from `.htaccess` to handle Microsoft DAV clients\n location = / {\n if ( $http_user_agent ~ ^DavClnt ) {\n return 302 /remote.php/webdav/$is_args$args;\n }\n }\n\n location = /robots.txt {\n allow all;\n log_not_found off;\n access_log off;\n }\n\n # Make a regex exception for `/.well-known` so that clients can still\n # access it despite the existence of the regex rule\n # `location ~ /(\\.|autotest|...)` which would otherwise handle requests\n # for `/.well-known`.\n location ^~ /.well-known {\n # The rules in this block are an adaptation of the rules\n # in `.htaccess` that concern `/.well-known`.\n\n location = /.well-known/carddav { return 301 /remote.php/dav/; }\n location = /.well-known/caldav { return 301 /remote.php/dav/; }\n\n # according to the documentation these two lines are not necessary, but some users are still recieving errors\n location = /.well-known/webfinger { return 301 /index.php$uri; }\n location = /.well-known/nodeinfo { return 301 /index.php$uri; }\n\n location /.well-known/acme-challenge { try_files $uri $uri/ =404; }\n location /.well-known/pki-validation { try_files $uri $uri/ =404; }\n\n # Let Nextcloud's API for `/.well-known` URIs handle all other\n # requests by passing them to the front-end controller.\n return 301 /index.php$request_uri;\n }\n\n # Rules borrowed from `.htaccess` to hide certain paths from clients\n location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }\n location ~ ^/(?:\\.|autotest|occ|issue|indie|db_|console) { return 404; }\n\n # Ensure this block, which passes PHP files to the PHP process, is above the blocks\n # which handle static assets (as seen below). If this block is not declared first,\n # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`\n # to the URI, resulting in a HTTP 500 error response.\n location ~ \\.php(?:$|/) {\n # Required for legacy support\n rewrite ^/(?!index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy) /index.php$request_uri;\n\n fastcgi_split_path_info ^(.+?\\.php)(/.*)$;\n set $path_info $fastcgi_path_info;\n\n try_files $fastcgi_script_name =404;\n\n include fastcgi_params;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n fastcgi_param PATH_INFO $path_info;\n #fastcgi_param HTTPS on;\n\n fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice\n fastcgi_param front_controller_active true; # Enable pretty urls\n fastcgi_pass php-handler;\n\n fastcgi_intercept_errors on;\n fastcgi_request_buffering off;\n\n proxy_send_timeout 300s;\n proxy_read_timeout 300s;\n fastcgi_send_timeout 300s;\n fastcgi_read_timeout 300s;\n }\n\n location ~ \\.(?:css|js|svg|gif)$ {\n try_files $uri /index.php$request_uri;\n expires 6M; # Cache-Control policy borrowed from `.htaccess`\n access_log off; # Optional: Don't log access to assets\n }\n\n location ~ \\.woff2?$ {\n try_files $uri /index.php$request_uri;\n expires 7d; # Cache-Control policy borrowed from `.htaccess`\n access_log off; # Optional: Don't log access to assets\n }\n\n # Rule borrowed from `.htaccess`\n location /remote {\n return 301 /remote.php$request_uri;\n }\n\n location / {\n try_files $uri $uri/ /index.php$request_uri;\n }\n }\n}"
},
"enabled": true
}
},
"controller": {
"replicas": 1
},
"cronjob": {
"annotations": {},
"enabled": true,
"failedJobsHistoryLimit": 5,
"generatePreviews": true,
"schedule": "*/5 * * * *",
"successfulJobsHistoryLimit": 2
},
"customextraargs": false,
"deviceList": [],
"docs": {
"confirmDocs": true
},
"donateNag": {
"confirmDonate": true
},
"env": {
"AccessIP": "192.168.0.112",
"NC_check_data_directory_permissions": "true",
"NEXTCLOUD_CHUNKSIZE": "31457280",
"NEXTCLOUD_INIT_HTACCESS": true,
"PHP_MEMORY_LIMIT": "4G",
"PHP_UPLOAD_LIMIT": "10G",
"POSTGRES_DB": "{{ .Values.postgresql.postgresqlDatabase }}",
"POSTGRES_HOST": {
"secretKeyRef": {
"key": "plainporthost",
"name": "dbcreds"
}
},
"POSTGRES_PASSWORD": {
"secretKeyRef": {
"key": "postgresql-password",
"name": "dbcreds"
}
},
"POSTGRES_USER": "{{ .Values.postgresql.postgresqlUsername }}",
"REDIS_HOST": {
"secretKeyRef": {
"key": "plainhost",
"name": "rediscreds"
}
},
"REDIS_HOST_PASSWORD": {
"secretKeyRef": {
"key": "redis-password",
"name": "rediscreds"
}
},
"TRUSTED_PROXIES": "172.16.0.0/16 127.0.0.1"
},
"envFrom": [
{
"configMapRef": {
"name": "nextcloudconfig"
}
}
],
"envList": [],
"global": {
"isSCALE": true,
"ixChartContext": {
"isInstall": false,
"isUpdate": true,
"isUpgrade": false,
"operation": "UPDATE",
"storageClassName": "ix-storage-class-nextcloud",
"upgradeMetadata": {}
}
},
"horizontalPodAutoscaler": [],
"hostAliases": [
{
"hostnames": [
"{{ if .Values.ingress.main.enabled }}{{ with (first .Values.ingress.main.hosts) }}{{ .host }}{{ end }}{{ else }}placeholder.fakedomain.dns{{ end }}"
],
"ip": "{{ .Values.env.AccessIP | default \"127.0.0.1\" }}"
}
],
"hpb": {
"enabled": true
},
"image": {
"pullPolicy": "IfNotPresent",
"repository": "tccr.io/truecharts/nextcloud-fpm",
"tag": "25.0.2@sha256:59e6d2be5139cdeb030a095fb92b97e01d7d53071dc34b487956065a385d3a32"
},
"imaginary": {
"enabled": true,
"preview_bmp": true,
"preview_font": false,
"preview_gif": true,
"preview_heic": false,
"preview_illustrator": false,
"preview_jpeg": true,
"preview_krita": true,
"preview_markdown": true,
"preview_max_filesize_image": 150,
"preview_max_memory": 512,
"preview_max_x": 2048,
"preview_max_y": 2048,
"preview_movie": false,
"preview_mp3": true,
"preview_msoffice2003": false,
"preview_msoffice2007": false,
"preview_msofficedoc": false,
"preview_opendoc": true,
"preview_pdf": false,
"preview_photoshop": false,
"preview_png": true,
"preview_postscript": false,
"preview_staroffice": false,
"preview_svg": false,
"preview_tiff": false,
"preview_txt": true,
"preview_xbitmap": true
},
"imaginaryImage": {
"pullPolicy": "IfNotPresent",
"repository": "h2non/imaginary",
"tag": "1.2.4@sha256:7facb4221047a5e79b9e902f380247f4e5bf4376400d0badbeb738d3e1c2f654"
},
"ingress": {
"main": {
"enabled": true,
"entrypoint": "websecure",
"hosts": [
{
"host": "some_domain",
"paths": [
{
"path": "/",
"pathType": "Prefix"
}
]
}
],
"ingressClassName": "",
"middlewares": [],
"tls": [
{
"hosts": [
"some_domain"
],
"scaleCert": 4
}
]
}
},
"ingressList": [],
"initContainers": {
"prestart": {
"command": [
"/bin/sh",
"-c",
"/bin/bash <<'EOF'\necho \"Forcing permissions on userdata folder...\"\necho \"Trying to override ownship using nfs4xdr_winacl...\"\n/usr/bin/nfs4xdr_winacl -a chown -G 33 -r -c '/var/www/html/data' -p '/var/www/html/data' || echo \"Failed setting ownership...\"\nchmod 770 /var/www/html/data || echo \"Failed to chmod...\"\nEOF\n"
],
"image": "{{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}",
"securityContext": {
"privileged": true,
"runAsGroup": 0,
"runAsUser": 0
},
"volumeMounts": [
{
"mountPath": "/var/www/html/data",
"name": "data"
},
{
"mountPath": "/var/www/html",
"name": "html"
}
]
}
},
"ixCertificateAuthorities": {},
"ixCertificates": {
"4": {
"CA_type_existing": false,
"CA_type_intermediate": false,
"CA_type_internal": false,
"CSR": "-----BEGIN CERTIFICATE REQUEST-----_my_cert_here_----END CERTIFICATE REQUEST-----\n",
"DN": "/CN=*._some_tld/subjectAltName=DNS:*._some_tld",
"acme": {
"directory": "https://acme-v02.api.letsencrypt.org/directory/",
"id": 1,
"new_account_uri": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"new_nonce_uri": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"new_order_uri": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revoke_cert_uri": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"tos": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/446426310"
},
"acme_uri": "https://acme-v02.api.letsencrypt.org/acme/order/446426310/142265876527",
"can_be_revoked": false,
"cert_type": "CERTIFICATE",
"cert_type_CSR": false,
"cert_type_existing": true,
"cert_type_internal": false,
"certificate": "-----BEGIN CERTIFICATE-----_mn_cert_here_-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----_my_vert_here-----END CERTIFICATE-----\n",
"certificate_path": "/etc/certificates/LetsEncrtypt-_some_tld_.crt",
"chain": true,
"chain_list": [
"-----BEGIN CERTIFICATE-----_my_cert_here-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----_my_cert_here-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----_my_cert_here-----END CERTIFICATE-----"
],
"city": null,
"common": "*.tld",
"country": null,
"csr_path": "/etc/certificates/LetsEncrtypt-tld.csr",
"digest_algorithm": "SHA256",
"domains_authenticators": {
"DNS:*.tld": 2
},
"email": null,
"extensions": {
"AuthorityInfoAccess": "OCSP - URI:http://r3.o.lencr.org\nCA Issuers - URI:http://r3.i.lencr.org/\n",
"AuthorityKeyIdentifier": "keyid:_my_cert_here",
"BasicConstraints": "CA:FALSE",
"CertificatePolicies": "Policy: 2.23.140.1.2.1\nPolicy: 1.3.6.1.4.1.44947.1.1.1\n CPS: http://cps.letsencrypt.org\n",
"Ct_precert_scts": _my_cert_here",
"ExtendedKeyUsage": "TLS Web Server Authentication, TLS Web Client Authentication",
"KeyUsage": "Digital Signature, Key Encipherment",
"SubjectAltName": "DNS:*.tld",
"SubjectKeyIdentifier": "_my_cert_here"
},
"fingerprint": "_my_cert_here",
"from": "Wed Nov 9 00:35:27 2022",
"id": 4,
"internal": "NO",
"issuer": "external",
"key_length": 2048,
"key_type": "RSA",
"lifetime": 89,
"name": "LetsEncrtypt-tld",
"organization": null,
"organizational_unit": null,
"parsed": true,
"privatekey": "-----BEGIN PRIVATE KEY-----_my_cert_here",
"privatekey_path": "/etc/certificates/LetsEncrtypt-tld.key",
"renew_days": 10,
"revoked": false,
"revoked_date": null,
"root_path": "/etc/certificates",
"san": [
"DNS:*.tld"
],
"serial":_my_cert_here,
"signedby": null,
"state": null,
"subject_name_hash": _my_cert_here
"type": 8,
"until": "Tue Feb 7 00:35:26 2023"
}
},
"ixChartContext": {
"isInstall": false,
"isUpdate": true,
"isUpgrade": false,
"operation": "UPDATE",
"storageClassName": "ix-storage-class-nextcloud",
"upgradeMetadata": {}
},
"ixExternalInterfacesConfiguration": [],
"ixExternalInterfacesConfigurationNames": [],
"ixVolumes": [],
"networkPolicy": [],
"nextcloud": {
"default_phone_region": "US"
},
"nginxImage": {
"pullPolicy": "IfNotPresent",
"repository": "tccr.io/truecharts/nginx-unprivileged",
"tag": "1.23.3@sha256:1a46c4845514d3f32debb53346f747f6a3be42ce5ae35138a8a99a88b075a1e9"
},
"persistence": {
"cache": {
"enabled": true,
"medium": "Memory",
"mountPath": "/var/cache/nginx",
"type": "emptyDir"
},
"data": {
"enabled": true,
"hostPath": "/mnt/live/nextcloud",
"mountPath": "/var/www/html/data",
"readOnly": false,
"setPermissions": true,
"type": "hostPath"
},
"html": {
"enabled": true,
"mountPath": "/var/www/html",
"readOnly": false,
"size": "990Gi",
"type": "pvc"
},
"nginx": {
"enabled": "true",
"mountPath": "/etc/nginx",
"noMount": true,
"readOnly": true,
"type": "custom",
"volumeSpec": {
"configMap": {
"items": [
{
"key": "nginx.conf",
"path": "nginx.conf"
}
],
"name": "{{ include \"tc.common.names.fullname\" . }}-nginx"
}
}
},
"varrun": {
"enabled": true
}
},
"persistenceList": [],
"podSecurityContext": {
"fsGroup": 33,
"fsGroupChangePolicy": "OnRootMismatch",
"runAsGroup": 0,
"runAsUser": 0,
"supplementalGroups": []
},
"portal": {
"enabled": true
},
"postgresql": {
"enabled": true,
"existingSecret": "dbcreds",
"postgresqlDatabase": "nextcloud",
"postgresqlUsername": "nextcloud"
},
"probes": {
"liveness": {
"custom": true,
"spec": {
"httpGet": {
"httpHeaders": [
{
"name": "Host",
"value": "test.fakedomain.dns"
}
],
"path": "/status.php",
"port": 8080
},
"initialDelaySeconds": 25
}
},
"readiness": {
"custom": true,
"spec": {
"httpGet": {
"httpHeaders": [
{
"name": "Host",
"value": "test.fakedomain.dns"
}
],
"path": "/status.php",
"port": 8080
},
"initialDelaySeconds": 25
}
},
"startup": {
"custom": true,
"spec": {
"httpGet": {
"httpHeaders": [
{
"name": "Host",
"value": "test.fakedomain.dns"
}
],
"path": "/status.php",
"port": 8080
},
"initialDelaySeconds": 25
}
}
},
"redis": {
"enabled": true,
"existingSecret": "rediscreds"
},
"resources": {
"limits": {
"cpu": "4000m",
"memory": "8Gi"
},
"requests": {
"cpu": "10m",
"memory": "50Mi"
}
},
"scaleGPU": {
"gpu.intel.com/i915": 0
},
"secretEnv": {
"NEXTCLOUD_ADMIN_PASSWORD": "surelynot",
"NEXTCLOUD_ADMIN_USER": "neverknow"
},
"security": {
"editsecurity": false
},
"securityContext": {
"allowPrivilegeEscalation": false,
"privileged": false,
"readOnlyRootFilesystem": false,
"runAsNonRoot": false
},
"service": {
"backend": {
"enabled": true,
"ports": {
"fpm": {
"enabled": true,
"port": 9000,
"targetPort": 9000
},
"hpb": {
"enabled": true,
"port": 7867,
"targetPort": 7867
},
"hpb-metrics": {
"enabled": true,
"port": 7868,
"targetPort": 7868
},
"imaginary": {
"enabled": true,
"port": 9090,
"targetPort": 9090
}
}
},
"main": {
"enabled": true,
"ports": {
"main": {
"port": 78,
"targetPort": 8080
}
},
"type": "Simple"
}
},
"serviceexpert": false
}
