feat(helm)!: Update chart nextcloud to 6.1.0 #40
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
--- kubernetes/apps/default/nextcloud/app Kustomization: flux-system/nextcloud HelmRelease: default/nextcloud
+++ kubernetes/apps/default/nextcloud/app Kustomization: flux-system/nextcloud HelmRelease: default/nextcloud
@@ -14,13 +14,13 @@
chart: nextcloud
interval: 15m
sourceRef:
kind: HelmRepository
name: nextcloud
namespace: flux-system
- version: 5.5.2
+ version: 6.1.0
dependsOn:
- name: cloudnative-pg
namespace: database
install:
remediation:
retries: 3 |
--- HelmRelease: default/nextcloud ConfigMap: default/nextcloud-nginxconfig
+++ HelmRelease: default/nextcloud ConfigMap: default/nextcloud-nginxconfig
@@ -5,87 +5,150 @@
name: nextcloud-nginxconfig
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
data:
- default.conf: "upstream php-handler {\n server 127.0.0.1:9000;\n}\n\nserver {\n\
- \ listen 80;\n\n # HSTS settings\n # WARNING: Only add the preload option\
- \ once you read about\n # the consequences in https://hstspreload.org/. This\
- \ option\n # will add the domain to a hardcoded list that is shipped\n #\
- \ in all major browsers and getting removed from this list\n # could take several\
- \ months.\n #add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains;\
- \ preload;\" always;\n\n # set max upload size\n client_max_body_size 10G;\n\
- \ fastcgi_buffers 64 4K;\n\n # Enable gzip but do not remove ETag headers\n\
- \ gzip on;\n gzip_vary on;\n gzip_comp_level 4;\n gzip_min_length\
- \ 256;\n gzip_proxied expired no-cache no-store private no_last_modified no_etag\
- \ auth;\n gzip_types application/atom+xml application/javascript application/json\
- \ application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json\
- \ application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json\
- \ application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml\
- \ image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc\
- \ text/vtt text/x-component text/x-cross-domain-policy;\n\n # Pagespeed is\
- \ not supported by Nextcloud, so if your server is built\n # with the `ngx_pagespeed`\
- \ module, uncomment this line to disable it.\n #pagespeed off;\n\n # HTTP\
- \ response headers borrowed from Nextcloud `.htaccess`\n add_header Referrer-Policy\
- \ \"no-referrer\" always;\n add_header X-Content-Type-Options\
- \ \"nosniff\" always;\n add_header X-Download-Options\
- \ \"noopen\" always;\n add_header X-Frame-Options\
- \ \"SAMEORIGIN\" always;\n add_header X-Permitted-Cross-Domain-Policies\
- \ \"none\" always;\n add_header X-Robots-Tag \
- \ \"noindex, nofollow\" always;\n add_header X-XSS-Protection \
- \ \"1; mode=block\" always;\n\n # Remove X-Powered-By,\
- \ which is an information leak\n fastcgi_hide_header X-Powered-By;\n\n #\
- \ Add .mjs as a file extension for javascript\n # Either include it in the\
- \ default mime.types list\n # or include you can include that list explicitly\
- \ and add the file extension\n # only for Nextcloud like below:\n include\
- \ mime.types;\n types {\n text/javascript js mjs;\n } \n\n\
- \ # Path to the root of your installation\n root /var/www/html;\n\n #\
- \ Specify how to handle directories -- specifying `/index.php$request_uri`\n \
- \ # here as the fallback means that Nginx always exhibits the desired behaviour\n\
- \ # when a client requests a path that corresponds to a directory that exists\n\
- \ # on the server. In particular, if that directory contains an index.php file,\n\
- \ # that file is correctly served; if it doesn't, then the request is passed\
- \ to\n # the front-end controller. This consistent behaviour means that we\
- \ don't need\n # to specify custom rules for certain paths (e.g. images and\
- \ other assets,\n # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus\n\
- \ # `try_files $uri $uri/ /index.php$request_uri`\n # always provides the\
- \ desired behaviour.\n index index.php index.html /index.php$request_uri;\n\
- \n # Rule borrowed from `.htaccess` to handle Microsoft DAV clients\n location\
- \ = / {\n if ( $http_user_agent ~ ^DavClnt ) {\n return 302\
- \ /remote.php/webdav/$is_args$args;\n }\n }\n\n location = /robots.txt\
- \ {\n allow all;\n log_not_found off;\n access_log off;\n\
- \ }\n\n # Make a regex exception for `/.well-known` so that clients can\
- \ still\n # access it despite the existence of the regex rule\n # `location\
- \ ~ /(\\.|autotest|...)` which would otherwise handle requests\n # for `/.well-known`.\n\
- \ location ^~ /.well-known {\n # The following 6 rules are borrowed\
- \ from `.htaccess`\n\n location = /.well-known/carddav { return 301\
- \ /remote.php/dav/; }\n location = /.well-known/caldav { return 301\
- \ /remote.php/dav/; }\n # Anything else is dynamically handled by Nextcloud\n\
- \ location ^~ /.well-known { return 301 /index.php$uri; }\n\n\
- \ try_files $uri $uri/ =404;\n }\n\n # Rules borrowed from `.htaccess`\
- \ to hide certain paths from clients\n location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)\
- \ { return 404; }\n location ~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)\
- \ { return 404; }\n\n # Ensure this block, which passes PHP files\
- \ to the PHP process, is above the blocks\n # which handle static assets (as\
- \ seen below). If this block is not declared first,\n # then Nginx will encounter\
- \ an infinite rewriting loop when it prepends `/index.php`\n # to the URI,\
- \ resulting in a HTTP 500 error response.\n location ~ \\.php(?:$|/) {\n \
- \ # Required for legacy support\n rewrite ^/(?!index|remote|public|cron|core\\\
- /ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode(_arm64)?\\\
- /proxy) /index.php$request_uri;\n\n fastcgi_split_path_info ^(.+?\\.php)(/.*)$;\n\
- \ set $path_info $fastcgi_path_info;\n\n try_files $fastcgi_script_name\
- \ =404;\n\n include fastcgi_params;\n fastcgi_param SCRIPT_FILENAME\
- \ $document_root$fastcgi_script_name;\n fastcgi_param PATH_INFO $path_info;\n\
- \ #fastcgi_param HTTPS on;\n\n fastcgi_param modHeadersAvailable\
- \ true; # Avoid sending the security headers twice\n fastcgi_param\
- \ front_controller_active true; # Enable pretty urls\n fastcgi_pass\
- \ php-handler;\n\n fastcgi_intercept_errors on;\n fastcgi_request_buffering\
- \ off;\n }\n\n location ~ \\.(?:css|js|svg|gif)$ {\n try_files $uri\
- \ /index.php$request_uri;\n expires 6M; # Cache-Control policy\
- \ borrowed from `.htaccess`\n access_log off; # Optional: Don't log\
- \ access to assets\n }\n\n location ~ \\.woff2?$ {\n try_files $uri\
- \ /index.php$request_uri;\n expires 7d; # Cache-Control policy\
- \ borrowed from `.htaccess`\n access_log off; # Optional: Don't log\
- \ access to assets\n }\n\n location / {\n try_files $uri $uri/ /index.php$request_uri;\n\
- \ }\n}"
+ default.conf: |-
+ upstream php-handler {
+ server 127.0.0.1:9000;
+ }
+ server {
+ # Default, IPv4 only
+ listen 80;
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # set max upload size
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Add .mjs as a file extension for javascript
+ # Either include it in the default mime.types list
+ # or include you can include that list explicitly and add the file extension
+ # only for Nextcloud like below:
+ include mime.types;
+ types {
+ text/javascript js mjs;
+ }
+
[Diff truncated by flux-local]
--- HelmRelease: default/nextcloud Deployment: default/nextcloud
+++ HelmRelease: default/nextcloud Deployment: default/nextcloud
@@ -28,13 +28,13 @@
php-config-hash: ed0e8e1a6c704392bdc7ac88be76273cfa95c6fa671770ed92809661ad6a77d4
nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
spec:
containers:
- name: nextcloud
- image: nextcloud:29.0.4-fpm-alpine
+ image: nextcloud:30.0.0-fpm-alpine
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_HOST
value: postgres16-rw.database.svc.cluster.local
- name: POSTGRES_DB
value: nextcloud |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/nextcloud-6.x
branch
from
e0a39dd to
dea13e8
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/nextcloud-6.x
branch
from
dea13e8 to
63c387a
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/nextcloud-6.x
branch
from
63c387a to
fa61a75
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.5.2->6.1.0Release Notes
nextcloud/helm (nextcloud)
v6.1.0Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.0.3...nextcloud-6.1.0
v6.0.3Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
nextcloud.objectStore.s3.legacyAuthvalue when rendering as env var by @jessebot in https://github.com/nextcloud/helm/pull/638Full Changelog: nextcloud/helm@nextcloud-6.0.2...nextcloud-6.0.3
v6.0.2Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.0.1...nextcloud-6.0.2
v6.0.1Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
secretKeys.sse_c_keysecret key checking typo; nowsse_c_keyis not required for using s3 with this chart by @jessebot in https://github.com/nextcloud/helm/pull/631Full Changelog: nextcloud/helm@nextcloud-6.0.0...nextcloud-6.0.1
v6.0.0Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-5.5.6...nextcloud-6.0.0
v5.5.6Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
nodePortto template if none is specified by @jessebot in https://github.com/nextcloud/helm/pull/606Full Changelog: nextcloud/helm@nextcloud-5.5.5...nextcloud-5.5.6
v5.5.5Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-5.5.4...nextcloud-5.5.5
v5.5.4Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-5.5.3...nextcloud-5.5.4
v5.5.3Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-5.5.2...nextcloud-5.5.3
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.