This guide walks through deploying the first tenant (canary) on nextcloud-canary.commonground.nu.
- Kubernetes 1.28+ cluster with kubectl access
- Argo CD installed
- cert-manager installed with `letsencrypt-prod` ClusterIssuer
- Fuga Cloud S3 credentials
- DNS configured for nextcloud-canary.commonground.nu
This platform supports 3 database options (see docs/DATABASE.md):
| Option | Description | Recommended For |
|---|---|---|
| MariaDB (default) | In-cluster, per-tenant | Getting started, dev |
| PostgreSQL | In-cluster, per-tenant | PostgreSQL features |
| External PostgreSQL | Shared + PgBouncer | Production |
For now, we use MariaDB - the simplest option.
The S3 bucket nextcloud should already exist in Fuga Cloud:

```bash
# Verify bucket exists
aws --endpoint-url https://core.fuga.cloud:8080 s3 ls s3://nextcloud
```

```bash
# Create namespace
kubectl create namespace nc-canary
# Create secret
kubectl create secret generic nextcloud-secrets \
  --namespace=nc-canary \
  --from-literal=nextcloud-username=admin \
  --from-literal=nextcloud-password='YOUR_ADMIN_PASSWORD' \
  --from-literal=s3-access-key='YOUR_FUGA_ACCESS_KEY' \
  --from-literal=s3-secret-key='YOUR_FUGA_SECRET_KEY' \
  --from-literal=db-password='MARIADB_PASSWORD' \
  --from-literal=redis-password='' \
  --from-literal=nextcloud-secret="$(openssl rand -base64 48)"
```

Save the admin password! You'll need it to log in.
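An added example, not part of the original guide: the `--from-literal` command above leaves secret values in shell history and the process list, so this script writes them to an env file, rejects the guide's placeholder strings and empty values, and only then passes the file to `kubectl create secret generic --from-env-file`. The function names and the `FUGA_ACCESS_KEY` / `FUGA_SECRET_KEY` environment variables are assumptions; `redis-password` stays empty as in the guide.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide. Function names and the
# FUGA_ACCESS_KEY / FUGA_SECRET_KEY variables are assumptions.

REQUIRED_KEYS="nextcloud-username nextcloud-password s3-access-key s3-secret-key db-password redis-password nextcloud-secret"

# Random base64 string from N bytes of /dev/urandom (default 48).
gen_secret() { head -c "${1:-48}" /dev/urandom | base64 | tr -d '\n'; }

# Write KEY=VALUE lines to FILE (umask 077 applies when the file is created).
write_env_file() {
  local file="$1"
  ( umask 077
    {
      printf 'nextcloud-username=admin\n'
      printf 'nextcloud-password=%s\n' "$(gen_secret 24)"
      printf 's3-access-key=%s\n' "${FUGA_ACCESS_KEY:-}"
      printf 's3-secret-key=%s\n' "${FUGA_SECRET_KEY:-}"
      printf 'db-password=%s\n' "$(gen_secret 24)"
      printf 'redis-password=\n'   # empty, as in the guide
      printf 'nextcloud-secret=%s\n' "$(gen_secret 48)"
    } > "$file" )
}

# Report missing, empty or placeholder values; non-zero status if any found.
check_env_file() {
  local file="$1" key value rc=0
  for key in $REQUIRED_KEYS; do
    if ! grep -q "^${key}=" "$file"; then
      echo "missing: $key"; rc=1; continue
    fi
    value=$(grep "^${key}=" "$file" | head -n 1 | cut -d= -f2-)
    case "$value" in
      YOUR_*|MARIADB_PASSWORD) echo "placeholder: $key"; rc=1 ;;
      "") [ "$key" = redis-password ] || { echo "empty: $key"; rc=1; } ;;
    esac
  done
  return "$rc"
}

# Create the secret only if the file passes the check (not called here).
create_secret() {
  check_env_file "$1" && kubectl create secret generic nextcloud-secrets \
    --namespace="${2:-nc-canary}" --from-env-file="$1"
}
```

Run `write_env_file secrets.env`, then `create_secret secrets.env nc-canary`; delete the file once the admin password is stored somewhere safe.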
```bash
git add .
git commit -m "feat: initial nextcloud platform setup"
git push origin main
```

```bash
# Apply the Argo CD project
kubectl apply -f nextcloud-platform/argo/projects/nextcloud-platform.yaml
# Apply the ApplicationSets
kubectl apply -f nextcloud-platform/argo/applicationsets/nextcloud-tenants.yaml
```

```bash
# Watch applications
kubectl get applications -n argocd -w
# Watch canary pods
kubectl get pods -n nc-canary -w
# Check logs if issues
kubectl logs -n nc-canary -l app.kubernetes.io/name=nextcloud -f
```

If you don’t want to wait for Argo CD’s refresh interval, you can force a hard refresh + sync:

```bash
# Sync a single tenant (assumes app name "nc-<tenant>")
bash ./scripts/argocd-sync.sh canary --wait
# Or sync by pattern (bash glob)
bash ./scripts/argocd-sync.sh --pattern "nc-*-prod" --wait
```

Once pods are running (takes 2-5 minutes):
- Open https://nextcloud-canary.commonground.nu
- Log in with:
  - Username: `admin`
  - Password: (from step 2)
```bash
# Check Nextcloud status
kubectl exec -it -n nc-canary deploy/nextcloud-nextcloud -- php occ status
# Check S3 connectivity
kubectl exec -it -n nc-canary deploy/nextcloud-nextcloud -- php occ files:scan --dry-run admin
```

| Component | Where | Notes |
|---|---|---|
| Nextcloud | nc-canary namespace | Web app |
| MariaDB | nc-canary namespace | Database (per-tenant) |
| Redis | nextcloud-platform namespace | Shared cache/locking |
| Ingress | nc-canary namespace | TLS via cert-manager |
```bash
# Pod status and logs
kubectl describe pod -n nc-canary -l app.kubernetes.io/name=nextcloud
kubectl logs -n nc-canary -l app.kubernetes.io/name=nextcloud

# Confirm the secret exists
kubectl get secret nextcloud-secrets -n nc-canary

# Check the S3 environment variables in the pod
kubectl exec -it -n nc-canary deploy/nextcloud-nextcloud -- env | grep S3

# Certificate status
kubectl get certificate -n nc-canary
kubectl describe certificate -n nc-canary
```

- Copy `values/tenants/tenant-canary.yaml` to `tenant-<name>.yaml`
- Update hostname, bucket, etc.
- Create namespace and secret:
  ```bash
  kubectl create namespace nc-<name>
  kubectl create secret generic nextcloud-secrets --namespace=nc-<name> ...
  ```
- Commit and push
When ready for production, see docs/DATABASE.md for:
- Option B: External PostgreSQL with auto-provisioning
- Migration steps from MariaDB
- Endpoint: `https://core.fuga.cloud:8080`
- Path style: `true`
- SSL: `true`
- Hostname: `nextcloud-canary.commonground.nu`
- Namespace: `nc-canary`
- S3 Bucket: `nextcloud`
- Database: MariaDB (in-cluster)