feat(nextcloud): Add support for AWS session token key #691

Open: wants to merge 2 commits into base: main
67 changes: 34 additions & 33 deletions charts/nextcloud/README.md
Expand Up @@ -317,39 +317,40 @@ Read more in the official [docs](https://docs.nextcloud.com/server/latest/admin_
Here are all the values you can currently configure in this helm chart to configure an Object Store as your Primary Storage.


| Parameter | Description | Default |
|-------------------------------------------------|-----------------------------------------------------------------------|-------------|
| `nextcloud.objectStore.s3.enabled` | enable configuring S3 as a primary object store | `false` |
| `nextcloud.objectStore.s3.accessKey` | accessKeyID for authing to S3, ignored if using existingSecret | `''` |
| `nextcloud.objectStore.s3.secretKey` | secretAccessKey for authing to S3, ignored if using existingSecret | `''` |
| `nextcloud.objectStore.s3.legacyAuth` | use legacy authentication for S3 | `false` |
| `nextcloud.objectStore.s3.host` | endpoint URL to connect to. Only required if not using AWS | `''` |
| `nextcloud.objectStore.s3.ssl` | Use TLS connection when connecting to S3 | `true` |
| `nextcloud.objectStore.s3.port` | Port for S3 host to use | `443` |
| `nextcloud.objectStore.s3.region` | region to look for bucket in on the S3 host | `eu-west-1` |
| `nextcloud.objectStore.s3.bucket` | bucket on the S3 host | `''` |
| `nextcloud.objectStore.s3.prefix` | optional object prefix | `''` |
| `nextcloud.objectStore.s3.usePathStyle` | set to true if you are not using DNS for your buckets | `false` |
| `nextcloud.objectStore.s3.autoCreate` | auto-create the S3 bucket | `false` |
| `nextcloud.objectStore.s3.storageClass` | S3 storage class to use | `STANDARD` |
| `nextcloud.objectStore.s3.sse_c_key` | S3 server side encryption key. | `''` |
| `nextcloud.objectStore.s3.existingSecret` | Use an existing Kubernetes Secret to fetch auth credentials | `''` |
| `nextcloud.objectStore.s3.secretKeys.host` | if using s3.existingSecret, secret key to use for the host | `''` |
| `nextcloud.objectStore.s3.secretKeys.accessKey` | if using s3.existingSecret, secret key to use for the accessKeyID | `''` |
| `nextcloud.objectStore.s3.secretKeys.secretKey` | if using s3.existingSecret, secret key to use for the secretAccessKey | `''` |
| `nextcloud.objectStore.s3.secretKeys.bucket` | if using s3.existingSecret, secret key to use for the bucket | `''` |
| `nextcloud.objectStore.s3.secretKeys.sse_c_key` | if using s3.existingSecret, secret key to use for the sse_c_key | `''` |
| `nextcloud.objectStore.swift.enabled` | enable configuring Openstack Swift as a primary object store | `false` |
| `nextcloud.objectStore.swift.user.domain` | optional: swift user domain | `'Default'` |
| `nextcloud.objectStore.swift.user.name` | Swift username | `''` |
| `nextcloud.objectStore.swift.user.password` | Swift user password | `''` |
| `nextcloud.objectStore.swift.project.name` | Swift project name | `''` |
| `nextcloud.objectStore.swift.project.domain` | optional: swift project domain | `'Default'` |
| `nextcloud.objectStore.swift.url` | Swift Identity / Keystone endpoint | `''` |
| `nextcloud.objectStore.swift.region` | Swift region | `''` |
| `nextcloud.objectStore.swift.service` | Optional: service name, used on some swift implementations | `'swift'` |
| `nextcloud.objectStore.swift.container` | Swift container to store the data in | `''` |
| `nextcloud.objectStore.swift.autoCreate` | Autocreate the Swift container | `false` |
| Parameter | Description | Default |
|-------------------------------------------------------|-----------------------------------------------------------------------|-------------|
| `nextcloud.objectStore.s3.enabled` | enable configuring S3 as a primary object store | `false` |
| `nextcloud.objectStore.s3.accessKey` | accessKeyID for authing to S3, ignored if using existingSecret | `''` |
| `nextcloud.objectStore.s3.secretKey` | secretAccessKey for authing to S3, ignored if using existingSecret | `''` |
| `nextcloud.objectStore.s3.legacyAuth` | use legacy authentication for S3 | `false` |
| `nextcloud.objectStore.s3.host` | endpoint URL to connect to. Only required if not using AWS | `''` |
| `nextcloud.objectStore.s3.ssl` | Use TLS connection when connecting to S3 | `true` |
| `nextcloud.objectStore.s3.port` | Port for S3 host to use | `443` |
| `nextcloud.objectStore.s3.region` | region to look for bucket in on the S3 host | `eu-west-1` |
| `nextcloud.objectStore.s3.bucket` | bucket on the S3 host | `''` |
| `nextcloud.objectStore.s3.prefix` | optional object prefix | `''` |
| `nextcloud.objectStore.s3.usePathStyle` | set to true if you are not using DNS for your buckets | `false` |
| `nextcloud.objectStore.s3.autoCreate` | auto-create the S3 bucket | `false` |
| `nextcloud.objectStore.s3.storageClass` | S3 storage class to use | `STANDARD` |
| `nextcloud.objectStore.s3.sse_c_key` | S3 server side encryption key. | `''` |
| `nextcloud.objectStore.s3.existingSecret` | Use an existing Kubernetes Secret to fetch auth credentials | `''` |
| `nextcloud.objectStore.s3.secretKeys.host` | if using s3.existingSecret, secret key to use for the host | `''` |
| `nextcloud.objectStore.s3.secretKeys.accessKey` | if using s3.existingSecret, secret key to use for the accessKeyID | `''` |
| `nextcloud.objectStore.s3.secretKeys.secretKey` | if using s3.existingSecret, secret key to use for the secretAccessKey | `''` |
| `nextcloud.objectStore.s3.secretKeys.sessionTokenKey` | if using s3.existingSecret, secret key to use for the sessionTokenKey | `''` |
| `nextcloud.objectStore.s3.secretKeys.bucket` | if using s3.existingSecret, secret key to use for the bucket | `''` |
| `nextcloud.objectStore.s3.secretKeys.sse_c_key` | if using s3.existingSecret, secret key to use for the sse_c_key | `''` |
| `nextcloud.objectStore.swift.enabled` | enable configuring Openstack Swift as a primary object store | `false` |
| `nextcloud.objectStore.swift.user.domain` | optional: swift user domain | `'Default'` |
| `nextcloud.objectStore.swift.user.name` | Swift username | `''` |
| `nextcloud.objectStore.swift.user.password` | Swift user password | `''` |
| `nextcloud.objectStore.swift.project.name` | Swift project name | `''` |
| `nextcloud.objectStore.swift.project.domain` | optional: swift project domain | `'Default'` |
| `nextcloud.objectStore.swift.url` | Swift Identity / Keystone endpoint | `''` |
| `nextcloud.objectStore.swift.region` | Swift region | `''` |
| `nextcloud.objectStore.swift.service` | Optional: service name, used on some swift implementations | `'swift'` |
| `nextcloud.objectStore.swift.container` | Swift container to store the data in | `''` |
| `nextcloud.objectStore.swift.autoCreate` | Autocreate the Swift container | `false` |



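Review bot: The description on the new `nextcloud.objectStore.s3.secretKeys.sessionTokenKey` row is circular ("secret key to use for the sessionTokenKey"). The neighbouring rows name the credential the key holds (accessKeyID, secretAccessKey), so this one should read "secret key to use for the session token". The `Key` suffix is also out of step with the sibling entries `host`, `bucket` and `sse_c_key`, which are named after the value they point to; `secretKeys.sessionToken` would match them. Separately, re-aligning the whole table to fit the longer name turns a one-row addition into 34 additions and 33 deletions, which makes the change harder to audit; consider keeping the original column widths.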
7 changes: 7 additions & 0 deletions charts/nextcloud/templates/_helpers.tpl
Expand Up @@ -301,6 +301,13 @@ S3 as primary object store env vars
- name: OBJECTSTORE_S3_SECRET
value: {{ .Values.nextcloud.objectStore.s3.secretKey | quote }}
{{- end }}
{{- if and .Values.nextcloud.objectStore.s3.existingSecret .Values.nextcloud.objectStore.s3.secretKeys.sessionTokenKey }}
- name: OBJECTSTORE_S3_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.nextcloud.objectStore.s3.existingSecret }}
key: {{ .Values.nextcloud.objectStore.s3.secretKeys.sessionTokenKey }}
{{- end }}
{{- if and .Values.nextcloud.objectStore.s3.existingSecret .Values.nextcloud.objectStore.s3.secretKeys.sse_c_key }}
- name: OBJECTSTORE_S3_SSE_C_KEY
valueFrom:
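Review bot: The new `OBJECTSTORE_S3_SESSION_TOKEN` entry is populated only through `secretKeyRef`, so the value is fixed when the container starts. A session token belongs to temporary credentials, and an environment variable is not refreshed when the Secret changes, so the pod keeps the old token until it is restarted. Please document that rotating the Secret requires a rollout, or describe how the token is expected to be refreshed. Also, unlike `OBJECTSTORE_S3_SECRET` just above, there is no inline `value:` branch; if restricting the token to `existingSecret` is intentional, say so in the README row and the values.yaml comment. Finally, `name:` and `key:` are rendered unquoted; piping both through `quote` would stop a key name that YAML parses as a non-string from producing an invalid manifest.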
2 changes: 2 additions & 0 deletions charts/nextcloud/values.yaml
Expand Up @@ -151,6 +151,8 @@ nextcloud:
accessKey: ""
# key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey
secretKey: ""
# key in nextcloud.objectStore.s3.existingSecret to use for the s3 sessionToken
sessionTokenKey: ""
# key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket
bucket: ""
# key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key
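Review bot: The comment above `sessionTokenKey: ""` does not say that the setting is optional or when it applies. Suggest stating that it is only needed when the access key and secret key stored in `existingSecret` are temporary credentials, and that leaving it as `""` means `OBJECTSTORE_S3_SESSION_TOKEN` is not set at all, which is what the `and` condition in `_helpers.tpl` does with an empty value.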