DEV Community: Harry Tang The latest articles on DEV Community by Harry Tang (@mrgitops). https://dev.to/mrgitops https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1875863%2F894474a6-24bf-45a8-9fc0-fe128bf822fc.png DEV Community: Harry Tang https://dev.to/mrgitops en How to install & configure Longhorn for Kubernetes Harry Tang Wed, 07 May 2025 18:02:31 +0000 https://dev.to/mrgitops/how-to-install-configure-longhorn-for-kubernetes-cjl https://dev.to/mrgitops/how-to-install-configure-longhorn-for-kubernetes-cjl <h2> Introduction </h2> <p>Longhorn is a free, open-source, lightweight, reliable, and easy-to-use distributed block storage system for Kubernetes cluster. This guide will show you how to install and configure Longhorn for your k8s cluster.</p> <h2> Prerequisites </h2> <ul> <li>A k8s cluster &gt;=v1.25.</li> <li>Helm v3.</li> <li>Basic k8s knowledge.</li> </ul> <h2> Step-by-step Guide </h2> <ol> <li> <p>Create the <code>longhorn-system</code> namespace and configure the Helm repository.<br> </p> <pre class="highlight shell"><code>kubectl create ns longhorn-system namespace/longhorn-system created helm repo add longhorn https://charts.longhorn.io <span class="s2">"longhorn"</span> has been added to your repositories helm repo update Hang tight <span class="k">while </span>we grab the latest from your chart repositories... ...Successfully got an update from the <span class="s2">"longhorn"</span> chart repository Update Complete. ⎈Happy Helming!⎈ </code></pre> </li> <li> <p>Create the <code>longhorn.values.yaml</code> for storing the Longhorn configuration values:<br> </p> <pre class="highlight yaml"><code><span class="c1"># https://artifacthub.io/packages/helm/longhorn/longhorn?modal=values</span> </code></pre> </li> <li> <p>The first setting we want to adjust is the Data Locality; set it to <code>best-effort</code> to have Longhorn try to keep a replica on the same node as the attached volume:<br> </p> <pre class="highlight yaml"><code><span class="na">persistence</span><span class="pi">:</span> <span class="na">defaultDataLocality</span><span class="pi">:</span> <span class="s1">'</span><span class="s">best-effort'</span> </code></pre> </li> <li> <p>If you are using microk8s, you will also need to set the <code>kubeletRootDir</code> point to your kubelet directory:<br> </p> <pre class="highlight yaml"><code><span class="na">csi</span><span class="pi">:</span> <span class="na">kubeletRootDir</span><span class="pi">:</span> <span class="s">/var/snap/microk8s/common/var/lib/kubelet</span> </code></pre> </li> <li> <p>The final values should look like below:<br> </p> <pre class="highlight yaml"><code><span class="c1"># https://artifacthub.io/packages/helm/longhorn/longhorn?modal=values </span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">defaultDataLocality</span><span class="pi">:</span> <span class="s1">'</span><span class="s">best-effort'</span> <span class="na">csi</span><span class="pi">:</span> <span class="na">kubeletRootDir</span><span class="pi">:</span> <span class="s">/var/snap/microk8s/common/var/lib/kubelet</span> </code></pre> </li> <li> <p>Now it is time to install the Longhorn system:<br> </p> <pre class="highlight shell"><code>helm <span class="nb">install </span>longhorn longhorn/longhorn <span class="se">\</span> <span class="nt">--namespace</span> longhorn-system <span class="se">\</span> <span class="nt">--values</span> longhorn.values.yaml NAME: longhorn LAST DEPLOYED: Wed Jul 24 07:16:08 2024 NAMESPACE: longhorn-system STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Longhorn is now installed on the cluster! Please <span class="nb">wait </span>a few minutes <span class="k">for </span>other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. Visit our documentation at https://longhorn.io/docs/ </code></pre> </li> <li> <p>Check the status of the installation:<br> </p> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> longhorn-system NAME READY STATUS RESTARTS AGE csi-attacher-5f8b9cbbdc-2dbdg 1/1 Running 0 45s csi-attacher-5f8b9cbbdc-hq7ps 1/1 Running 0 45s csi-attacher-5f8b9cbbdc-k2tpq 1/1 Running 0 45s csi-provisioner-6d85c78995-b4b4r 1/1 Running 0 45s csi-provisioner-6d85c78995-lvvwb 1/1 Running 0 45s csi-provisioner-6d85c78995-nkm7g 1/1 Running 0 45s csi-resizer-677c8b7c75-h9kc7 1/1 Running 0 45s csi-resizer-677c8b7c75-qbvxl 1/1 Running 0 45s csi-resizer-677c8b7c75-wppts 1/1 Running 0 45s csi-snapshotter-868c6c774d-4z57t 1/1 Running 0 45s csi-snapshotter-868c6c774d-9t2cd 1/1 Running 0 45s csi-snapshotter-868c6c774d-ps5lp 1/1 Running 0 45s engine-image-ei-b0369a5d-4jqzf 1/1 Running 0 47s instance-manager-84b0d2d8f37aaeabfa5785c886a57710 1/1 Running 0 47s longhorn-csi-plugin-bsv4m 3/3 Running 0 45s longhorn-driver-deployer-6dff48688b-4497d 1/1 Running 0 62s longhorn-manager-ft96r 1/1 Running 0 62s longhorn-ui-966cf4bb4-5shp9 1/1 Running 0 62s longhorn-ui-966cf4bb4-lx2th 1/1 Running 0 62s </code></pre> </li> <li> <p>By default, the <code>longhorn</code> storage class is set to 3 replicas for redundancy. This setting is stored at the <code>longhorn-storageclass</code> config map. If your k8s cluster has less than three nodes, set it to 1 replica:<br> </p> <pre class="highlight shell"><code>kubectl get cm longhorn-storageclass <span class="nt">-n</span> longhorn-system <span class="nt">-o</span> yaml | <span class="nb">sed</span> <span class="s1">'s/numberOfReplicas: "3"/numberOfReplicas: "1"/'</span> | kubectl apply <span class="nt">-f</span> - configmap/longhorn-storageclass configured </code></pre> </li> <li> <p>Setup a recurring job to trim the filesystem periodically to reclaim disk space, create a <code>trim-filesystem.recurring-job.yaml</code> file:<br> </p> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">longhorn.io/v1beta2</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">RecurringJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">trim-filesystem</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">longhorn-system</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">concurrency</span><span class="pi">:</span> <span class="m">1</span> <span class="na">cron</span><span class="pi">:</span> <span class="s">0 0 * * *</span> <span class="na">name</span><span class="pi">:</span> <span class="s">trim-filesystem</span> <span class="na">task</span><span class="pi">:</span> <span class="s">filesystem-trim</span> <span class="na">groups</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">default</span> </code></pre> </li> <li> <p>Create another recurring job to periodically purge removable snapshots <code>snapshot-cleanup.recurring-job.yaml</code>:<br> </p> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">longhorn.io/v1beta2</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">RecurringJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">snapshot-cleanup</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">longhorn-system</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">concurrency</span><span class="pi">:</span> <span class="m">1</span> <span class="na">cron</span><span class="pi">:</span> <span class="s">12 0 * * *</span> <span class="na">groups</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">default</span> <span class="na">name</span><span class="pi">:</span> <span class="s">snapshot-cleanup</span> <span class="na">task</span><span class="pi">:</span> <span class="s">snapshot-cleanup</span> </code></pre> </li> <li> <p>Deploy all tow recurring jobs:<br> </p> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> trim-filesystem.recurring-job.yaml recurringjob.longhorn.io/trim-filesystem created kubectl apply <span class="nt">-f</span> snapshot-cleanup.recurring-job.yaml recurringjob.longhorn.io/snapshot-cleanup created </code></pre> </li> <li> <p>By default, Longhorn does not delete orphan resources automatically, but it does provide the setting for us to do so, set <code>orphan-auto-deletion</code> to <code>true</code>:<br> </p> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> longhorn-system get setting orphan-auto-deletion <span class="nt">-o</span> yaml | <span class="nb">sed</span> <span class="s1">'s/value: "false"/value: "true"/'</span> | kubectl apply <span class="nt">-f</span> - setting.longhorn.io/orphan-auto-deletion configured kubectl <span class="nt">-n</span> longhorn-system get setting orphan-auto-deletion NAME VALUE AGE orphan-auto-deletion <span class="nb">true </span>53m </code></pre> </li> </ol> <h2> Conclusion </h2> <p>Now that you have the Longhorn system installed in your Kubernetes cluster with a fine-tuned configuration. Consider following the <a href="https://longhorn.io/docs/1.6.2/best-practices" rel="noopener noreferrer">Best Practices</a> to improve your system further.</p> <p>Source: <a href="https://harrytang.xyz/blog/how-to-longhorn-k8s" rel="noopener noreferrer">https://harrytang.xyz/blog/how-to-longhorn-k8s</a>.</p> Deploy Nextcloud on Kubernetes Harry Tang Wed, 12 Mar 2025 20:49:14 +0000 https://dev.to/mrgitops/deploy-nextcloud-on-kubernetes-31n5 https://dev.to/mrgitops/deploy-nextcloud-on-kubernetes-31n5 <h2> Introduction </h2> <p>Nextcloud is an open-source data storage solution that you can self-host at home. This article shows how I deployed Nextcloud on my home Kubernetes cluster.</p> <h2> Prerequisites </h2> <ul> <li>A Kubernetes cluster.</li> <li>MariaDB (see <a href="https://harrytang.xyz/blog/deploy-mariadb-galera-maxscale-k8s" rel="noopener noreferrer">Deploy MariaDB Galera with MaxScale on Kubernetes</a>).</li> <li>MinIO (see <a href="https://harrytang.xyz/blog/deploy-minio-k8s-tenant-separation" rel="noopener noreferrer">Deploy MinIO in Kubernetes with Tenant Separation</a>).</li> <li>FluxCD.</li> <li>Sealed Secrets.</li> <li>SMTP provider.</li> <li>Cert Manager.</li> <li>CloudFlare Tunnel.</li> </ul> <h2> Step-by-step Guide </h2> <p>I used FluxCD to manage my YAML files in Git, following the GitOps approach. However, you can also use standard Helm commands for the <code>HelmRelease</code>.</p> <ol> <li>Prepare the ENVs</li> </ol> <p>I set up the environment variables for Nextcloud's user credentials, SMTP mail server, and MinIO credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>```bash export NEXTCLOUD_ADMIN_USER=harry export NEXTCLOUD_ADMIN_PASSWORD=$(openssl rand -base64 32) export SMTP_HOST=smtp.eu.mailgun.org export SMTP_USER=nextcloud@notify.harrytang.com export SMTP_PASSWORD=YOUR_SMTP_PASSWORD export MINIO_ACCESS_KEY=YOUR_MINIO_ACCESS_KEY export MINIO_SECRET_KEY=YOUR_MINIO_SECRET_KEY ``` </code></pre> </div> <ol> <li>Create Sealed Secrets </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl <span class="nt">-n</span> nextcloud create secret generic nextcloud-secrets <span class="nt">--dry-run</span><span class="o">=</span>client <span class="nt">--from-literal</span><span class="o">=</span>nextcloud-password<span class="o">=</span><span class="nv">$NEXTCLOUD_ADMIN_PASSWORD</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>nextcloud-username<span class="o">=</span><span class="nv">$NEXTCLOUD_ADMIN_USER</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>smtp-host<span class="o">=</span><span class="nv">$SMTP_HOST</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>smtp-username<span class="o">=</span><span class="nv">$SMTP_USER</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>smtp-password<span class="o">=</span><span class="nv">$SMTP_PASSWORD</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>minio-access-key<span class="o">=</span><span class="nv">$MINIO_ACCESS_KEY</span> <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>minio-secret-key<span class="o">=</span><span class="nv">$MINIO_SECRET_KEY</span> <span class="se">\</span> <span class="nt">-o</span> yaml | kubeseal <span class="nt">--format</span><span class="o">=</span>yaml <span class="o">&gt;</span> sealed-secret.yaml </code></pre> </div> <ol> <li> <p>Create the Certificate</p> <p>I use a wildcard certificate to access Nextcloud both from home and remotely via the domains <code>homecloud.harrytang.com</code> and <code>nextcloud.harrytang.com</code>, respectively.<br> </p> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cert-manager.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Certificate</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">harrytang-com</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">harrytang-com-tls</span> <span class="na">dnsNames</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">harrytang.com'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">*.harrytang.com'</span> <span class="na">issuerRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterIssuer</span> </code></pre> </li> <li> <p>Deploy Ingress</p> <p>I use Nginx Ingress to expose Nextcloud within my home network (by adding an A record to my domain):<br> </p> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/proxy-body-size</span><span class="pi">:</span> <span class="s">100G</span> <span class="na">nginx.ingress.kubernetes.io/proxy-read-timeout</span><span class="pi">:</span> <span class="s1">'</span><span class="s">86400'</span> <span class="na">nginx.ingress.kubernetes.io/proxy-send-timeout</span><span class="pi">:</span> <span class="s1">'</span><span class="s">86400'</span> <span class="na">nginx.ingress.kubernetes.io/proxy-connect-timeout</span><span class="pi">:</span> <span class="s1">'</span><span class="s">86400'</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">homecloud.harrytang.com</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">harrytang-com-tls</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">homecloud.harrytang.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="s">8080</span> </code></pre> </li> <li> <p>Config CloudFlare Tunnel</p> <p>Configure Cloudflare Tunnel to acess your Nextcloud remotely and securely:<br> </p> <pre class="highlight yaml"><code><span class="nn">...</span> <span class="na">ingress</span><span class="pi">:</span> <span class="c1"># https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/origin-configuration/#tls-settings </span> <span class="pi">-</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">nextcloud.harrytang.com</span> <span class="na">service</span><span class="pi">:</span> <span class="s">http://nextcloud.nextcloud:8080</span> <span class="nn">...</span> </code></pre> </li> <li> <p>Deploy Nextcloud</p> <p>Finally, after setting everything up, I deployed Nextcloud:<br> </p> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">source.toolkit.fluxcd.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HelmRepository</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">24h</span> <span class="na">url</span><span class="pi">:</span> <span class="s">https://nextcloud.github.io/helm/</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">helm.toolkit.fluxcd.io/v2</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HelmRelease</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">24h</span> <span class="na">chart</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">chart</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">~6.6.4'</span> <span class="na">sourceRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HelmRepository</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">24h</span> <span class="na">values</span><span class="pi">:</span> <span class="na">replicaCount</span><span class="pi">:</span> <span class="m">1</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">180</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">180</span> <span class="na">nextcloud</span><span class="pi">:</span> <span class="na">update</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">host</span><span class="pi">:</span> <span class="s">nextcloud.harrytang.com</span> <span class="na">trustedDomains</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nextcloud.harrytang.com</span> <span class="pi">-</span> <span class="s">homecloud.harrytang.com</span> <span class="na">existingSecret</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">nextcloud-secrets</span> <span class="na">mail</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">fromAddress</span><span class="pi">:</span> <span class="s">noreply</span> <span class="na">domain</span><span class="pi">:</span> <span class="s">harrytang.com</span> <span class="na">objectStore</span><span class="pi">:</span> <span class="na">s3</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">bucket</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">usePathStyle</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">host</span><span class="pi">:</span> <span class="s">minio.nextcloud.svc.cluster.local</span> <span class="na">existingSecret</span><span class="pi">:</span> <span class="s">nextcloud-secrets</span> <span class="na">secretKeys</span><span class="pi">:</span> <span class="na">accessKey</span><span class="pi">:</span> <span class="s">minio-access-key</span> <span class="na">secretKey</span><span class="pi">:</span> <span class="s">minio-secret-key</span> <span class="na">ssl</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">configs</span><span class="pi">:</span> <span class="na">proxy.config.php</span><span class="pi">:</span> <span class="pi">|-</span> <span class="s">&lt;?php</span> <span class="s">$CONFIG = array (</span> <span class="s">'trusted_proxies' =&gt; array(</span> <span class="s">0 =&gt; '127.0.0.1',</span> <span class="s">1 =&gt; '10.0.0.0/8',</span> <span class="s">),</span> <span class="s">'forwarded_for_headers' =&gt; array('HTTP_X_FORWARDED_FOR'),</span> <span class="s">);</span> <span class="na">zz.config.php</span><span class="pi">:</span> <span class="pi">|-</span> <span class="s">&lt;?php</span> <span class="s">$CONFIG = array (</span> <span class="s">'trusted_domains' =&gt; array(</span> <span class="s">0 =&gt; 'localhost',</span> <span class="s">1 =&gt; 'nextcloud.harrytang.com',</span> <span class="s">2 =&gt; 'homecloud.harrytang.com',</span> <span class="s">),</span> <span class="s">);</span> <span class="na">phpConfigs</span><span class="pi">:</span> <span class="na">zz-custom.ini</span><span class="pi">:</span> <span class="pi">|-</span> <span class="s">memory_limit=1024M</span> <span class="s">upload_max_filesize=100G</span> <span class="s">post_max_size=100G</span> <span class="s">max_execution_time=86400</span> <span class="s">max_input_time=86400</span> <span class="na">extraVolumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private-ca</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private-ca</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">private-ca.pem</span> <span class="na">path</span><span class="pi">:</span> <span class="s">private-ca.crt</span> <span class="na">extraVolumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private-ca</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/usr/local/share/ca-certificates</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">lifecycle</span><span class="pi">:</span> <span class="na">postStartCommand</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">update-ca-certificates</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">accessMode</span><span class="pi">:</span> <span class="s">ReadWriteMany</span> <span class="na">phpClientHttpsFix</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">cronjob</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">internalDatabase</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">externalDatabase</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">mysql</span> <span class="na">host</span><span class="pi">:</span> <span class="s">maxscale-galera.nextcloud.svc.cluster.local</span> <span class="na">database</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">existingSecret</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">mariadb</span> <span class="na">usernameKey</span><span class="pi">:</span> <span class="s">mariadb-username</span> <span class="na">passwordKey</span><span class="pi">:</span> <span class="s">mariadb-password</span> </code></pre> </li> </ol> <h2> Conclusion </h2> <p>Running Nextcloud on your home lab Kubernetes cluster provides a secure and private way to store your data. You can store unlimited photos and videos for yourself and your family while accessing them from anywhere.</p> <h2> References </h2> <ul> <li> <a href="https://nextcloud.com" rel="noopener noreferrer">Nextcloud</a>.</li> <li> <a href="https://github.com/nextcloud/helm" rel="noopener noreferrer">Nextcloud Helm Charts</a>.</li> </ul> nextcloud kubernetes mariadb minio