Docs
Kubernetes
Guides
Applications
Deploy Nextcloud

Deploy Nextcloud on Thalassa Cloud Kubernetes

Nextcloud is a self-hosted file sharing and collaboration platform that provides secure file storage, document collaboration, and productivity tools. By deploying Nextcloud on Thalassa Cloud Kubernetes using Helm and Cloud Native PostgreSQL, you can run a production-ready Nextcloud instance with high availability, automated backups, and seamless integration with Kubernetes features.

This guide walks you through deploying Nextcloud using the official Helm chart, configuring it to use Cloud Native PostgreSQL for the database, and integrating with Thalassa Cloud’s storage and networking features.

Prerequisites

Before deploying Nextcloud, ensure you have a few things in place. First, you need a running Kubernetes cluster in Thalassa Cloud. If you’re new to Thalassa Cloud Kubernetes, see the Getting Started guide for cluster creation and basic setup.

  1. You’ll also need cluster access configured using kubectl. Use tcloud kubernetes connect to configure access, or set up kubeconfig manually. You’ll need cluster administrator permissions to install Helm charts and create namespaces.
  2. Helm must be installed on your local machine. For installation instructions, see the Working with Helm guide. You’ll use Helm to install both Cloud Native PostgreSQL and Nextcloud.
  3. For the database, you’ll need Cloud Native PostgreSQL installed in your cluster. If you haven’t installed it yet, follow the Cloud Native PostgreSQL guide to set it up. This guide assumes you have Cloud Native PostgreSQL installed and ready to use.
  4. Finally, ensure your cluster has sufficient resources. Nextcloud requires CPU, memory, and storage for the application and database. Plan for at least one node with adequate resources, and consider using dedicated node pools for database instances. For information about storage options, see the Storage documentation and Persistent Volumes documentation.

Setting Up PostgreSQL Database

Before deploying Nextcloud, set up a PostgreSQL database cluster using Cloud Native PostgreSQL. This provides a reliable, high-availability database for your Nextcloud instance. This section provides a quick setup; for PostgreSQL configuration options, high availability setup, and backup configuration, see the Cloud Native PostgreSQL guide.

Step 1: Create Namespace

Create a namespace for Nextcloud resources:

kubectl create namespace nextcloud

Step 2: Create Database Credentials Secret

Create a Kubernetes Secret for the database user credentials. CloudNativePG will use this secret to set the password for the database user:

apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-db-credentials
  namespace: nextcloud
type: Opaque
stringData:
  username: nextcloud
  password: your-secure-password

Secure Password Management

Use a strong, unique password for the database user. Store the password in a Kubernetes Secret rather than hardcoding it. CloudNativePG will use this secret to set up the database user automatically.

Apply the secret:

kubectl apply -f db-credentials-secret.yaml

Step 3: Create PostgreSQL Cluster

Create a PostgreSQL cluster for Nextcloud. This example creates a cluster with 3 instances for high availability and uses CloudNativePG’s bootstrap configuration to automatically create the database and user:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: nextcloud-db
  namespace: nextcloud
spec:
  instances: 3
  postgresql:
    parameters:
      max_connections: "200"
      shared_buffers: "256MB"
      effective_cache_size: "1GB"
  bootstrap:
    initdb:
      database: nextcloud
      owner: nextcloud
      secret:
        name: nextcloud-db-credentials
  storage:
    size: 20Gi
    storageClass: tc-block
  resources:
    requests:
      memory: "512Mi"
      cpu: "500m"
    limits:
      memory: "1Gi"
      cpu: "1000m"

The bootstrap.initdb section tells CloudNativePG to automatically create a database named nextcloud with an owner nextcloud, using the credentials from the secret. CloudNativePG will create the database and user during cluster initialization, so you don’t need to run SQL commands manually.

Save this to postgres-cluster.yaml and apply it:

kubectl apply -f postgres-cluster.yaml

Step 4: Wait for Cluster to be Ready

Wait for the cluster to be ready:

kubectl wait --for=condition=Ready cluster/nextcloud-db -n nextcloud --timeout=300s

CloudNativePG automatically creates the database and user during cluster initialization. The credentials are stored in the secret you created, and CloudNativePG uses them to set up the database owner.

Step 5: Create Database Connection Secret

Create a Kubernetes Secret with the database connection details for Nextcloud to use:

apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-db-secret
  namespace: nextcloud
type: Opaque
stringData:
  db-host: nextcloud-db-rw.nextcloud.svc.cluster.local
  db-name: nextcloud
  db-user: nextcloud
  db-password: your-secure-password

Apply the secret:

kubectl apply -f db-secret.yaml

Automatic Database and User Creation

CloudNativePG’s bootstrap configuration automatically creates the database and user specified in the bootstrap.initdb section. This eliminates the need to manually run SQL commands to create the database, user, and grant privileges. The database and user are ready to use once the cluster is ready.

Database Connection String

Cloud Native PostgreSQL provides a read-write service at <cluster-name>-rw.<namespace>.svc.cluster.local. This service automatically routes connections to the primary instance, ensuring high availability. For more information about Cloud Native PostgreSQL networking and service discovery, see the Cloud Native PostgreSQL guide.

Installing Nextcloud with Helm

The Nextcloud Helm chart provides a straightforward way to deploy Nextcloud with configurable options. This section covers the basic installation; for more advanced Helm usage, custom values files, and chart management, see the Working with Helm guide.

Step 1: Add Helm Repository

Add the Nextcloud Helm repository:

helm repo add nextcloud https://charts.nextcloud.com
helm repo update

Step 2: Create Values File

Create a values file to customize the Nextcloud deployment. This example configures Nextcloud to use the PostgreSQL database and sets up persistent storage:

# values.yaml
nextcloud:
  host: nextcloud.example.com
  persistence:
    enabled: true
    size: 50Gi
    storageClass: tc-block
  
  database:
    type: pgsql
    host: nextcloud-db-rw.nextcloud.svc.cluster.local
    database: nextcloud
    username: nextcloud
    existingSecret: nextcloud-db-secret
    existingSecretPasswordKey: db-password
  
  redis:
    enabled: true
  
  resources:
    requests:
      memory: "512Mi"
      cpu: "500m"
    limits:
      memory: "1Gi"
      cpu: "1000m"

Using Existing Secrets

The Helm chart supports using existing Kubernetes Secrets for database credentials. This is more secure than passing credentials directly in values files and allows you to manage secrets separately. For more information about managing secrets in Kubernetes, see the Deploying Applications guide.

Step 3: Install Nextcloud

Install Nextcloud using Helm:

helm install nextcloud nextcloud/nextcloud \
  --namespace nextcloud \
  --values values.yaml \
  --wait

The --wait flag ensures Helm waits for all resources to be ready before completing the installation.

Step 4: Verify Installation

Verify that Nextcloud is running:

kubectl get pods -n nextcloud

You should see Nextcloud pods running, along with the PostgreSQL cluster instances. Check the Nextcloud service:

kubectl get svc -n nextcloud

Configuring Access

Nextcloud needs to be accessible from outside the cluster. Thalassa Cloud provides load balancers that you can use to expose Nextcloud. Configure the Helm chart to use a load balancer service:

# values.yaml (add to existing file)
service:
  type: LoadBalancer
  annotations:
    service.beta.kubernetes.io/thalassa-load-balancer-type: "public"

Upgrade the Helm release:

helm upgrade nextcloud nextcloud/nextcloud \
  --namespace nextcloud \
  --values values.yaml

Get the load balancer IP address:

kubectl get svc nextcloud -n nextcloud

The EXTERNAL-IP column shows the load balancer IP. You can access Nextcloud at this IP address, or configure a DNS record pointing to this IP.

DNS Configuration

For production deployments, configure a DNS record pointing to the load balancer IP. Update the nextcloud.host value in your Helm values file to match your domain name, and ensure Nextcloud is configured to use this domain.

Configuring TLS Certificates

For production deployments, secure Nextcloud with TLS certificates to enable HTTPS. The recommended approach is to use Cert Manager with Let’s Encrypt for automatic certificate provisioning and renewal.

If you’re using an ingress controller, you can configure Cert Manager to automatically provision certificates. See the Cert Manager and Let’s Encrypt guide for detailed instructions on installing Cert Manager and configuring Let’s Encrypt issuers.

Once Cert Manager is installed, configure your ingress to use automatic certificate provisioning:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud-ingress
  namespace: nextcloud
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - nextcloud.example.com
    secretName: nextcloud-tls
  rules:
  - host: nextcloud.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nextcloud
            port:
              number: 80

Cert Manager will automatically create and manage the TLS certificate, renewing it before expiration. For more information about certificate management, see the Cert Manager and Let’s Encrypt guide.

Initial Setup

Once Nextcloud is accessible, complete the initial setup through the web interface. Navigate to the load balancer IP or your configured domain in a web browser.

The setup wizard will guide you through:

  1. Creating an administrator account
  2. Configuring the database connection (if not already configured via Helm)
  3. Setting up storage locations
  4. Installing recommended apps

Database Configuration

If you configured the database via Helm values, the database connection should already be set up. If you need to configure it manually, use the connection details from the Kubernetes Secret you created earlier.

Configuring Persistent Storage

Nextcloud requires persistent storage for user files, application data, and configuration. The Helm chart automatically creates PersistentVolumeClaims for Nextcloud data. For information about persistent storage in Kubernetes, see the Persistent Volumes documentation.

To view the created PVCs:

kubectl get pvc -n nextcloud

The default storage class tc-block provides high-performance block storage suitable for Nextcloud’s file storage needs. For information about storage classes and storage options, see the Storage Classes documentation. For resizing volumes, see the Resize Persistent Volume guide.

If you need to expand storage later, you can resize the PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data
  namespace: nextcloud
spec:
  resources:
    requests:
      storage: 100Gi  # Increased from 50Gi

Apply the updated PVC:

kubectl apply -f pvc-update.yaml

Configuring External Storage Backends

Nextcloud supports external storage backends for user files, allowing you to use object storage or network file systems as the primary storage location. This is useful for scaling storage independently of the Nextcloud application and for integrating with Thalassa Cloud storage services.

Object Storage

Nextcloud can use S3-compatible object storage as an external storage backend. Thalassa Cloud provides S3-compatible object storage that you can configure in Nextcloud for storing user files. This provides scalable, cost-effective storage that grows with your needs.

To configure object storage in Nextcloud:

  1. Navigate to Settings → Administration → External storage in the Nextcloud web interface
  2. Add a new external storage location
  3. Select “S3 Compatible” as the storage type
  4. Configure the connection details:
    • Bucket name: Your object storage bucket
    • Host: Your Thalassa Cloud object storage endpoint (e.g., objects.nl-01.thalassa.cloud)
    • Access key and Secret key: Your object storage credentials
    • Region: Your Thalassa Cloud region

Object storage credentials can be stored in Kubernetes Secrets and referenced in Nextcloud configuration. For more information about Thalassa Cloud object storage, see the Object Storage documentation.

Thalassa Filesystem Service (TFS)

You can also use Thalassa Filesystem Service (TFS) as a storage backend for Nextcloud. TFS provides NFS-based shared storage that supports the ReadWriteMany access mode, making it suitable for applications that need shared file access across multiple pods.

To use TFS with Nextcloud, you’ll need to:

  1. Create a TFS instance and export in your VPC
  2. Create a PersistentVolume that references your TFS export
  3. Mount the TFS volume in your Nextcloud deployment

For detailed instructions on using TFS with Kubernetes, see the TFS documentation and the Deploying Applications guide section on TFS for ReadWriteMany volumes.

Storage Backend Selection

Object storage is recommended for most production deployments due to its scalability and cost-effectiveness. TFS is suitable when you need POSIX-compatible file system access or when integrating with existing TFS infrastructure. The default block storage (via PersistentVolumes) works well for smaller deployments or when you prefer local storage.

Enabling Redis Caching

Redis caching improves Nextcloud performance by caching frequently accessed data. The Helm chart includes an option to deploy Redis alongside Nextcloud.

Enable Redis in your values file:

# values.yaml
redis:
  enabled: true
  persistence:
    enabled: true
    size: 5Gi
    storageClass: tc-block

Upgrade the Helm release:

helm upgrade nextcloud nextcloud/nextcloud \
  --namespace nextcloud \
  --values values.yaml

Nextcloud will automatically configure itself to use Redis for caching once it’s available.

Backup Configuration

Regular backups are essential for production Nextcloud deployments. Cloud Native PostgreSQL handles database backups automatically when configured. For Nextcloud file storage, implement a backup strategy.

Database Backups

Configure automated backups for the PostgreSQL cluster. See the Cloud Native PostgreSQL guide for detailed backup configuration, including automated backup schedules, retention policies, and restore procedures. A basic backup configuration:

apiVersion: postgresql.cnpg.io/v1
kind: Backup
metadata:
  name: nextcloud-db-backup
  namespace: nextcloud
spec:
  cluster:
    name: nextcloud-db
  method: barmanObjectStore
  barmanObjectStore:
    destinationPath: s3://my-bucket/nextcloud-backups
    s3Credentials:
      accessKeyId:
        name: backup-credentials
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: backup-credentials
        key: SECRET_ACCESS_KEY
    endpoint: https://objects.nl-01.thalassa.cloud

File Storage Backups

For Nextcloud file storage, consider using volume snapshots. See the Create and Restore Volume Snapshot guide for details on creating snapshots of persistent volumes, including automated snapshot schedules and restore procedures.

Create a snapshot of the Nextcloud data volume:

apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: nextcloud-data-snapshot
  namespace: nextcloud
spec:
  source:
    persistentVolumeClaimName: nextcloud-data
  volumeSnapshotClassName: tc-block-snapshot

Monitoring and Maintenance

Monitor your Nextcloud deployment to ensure it’s running smoothly. Check pod status regularly:

kubectl get pods -n nextcloud

View Nextcloud logs:

kubectl logs -f deployment/nextcloud -n nextcloud

Monitor resource usage:

kubectl top pods -n nextcloud

For production grade monitoring, consider setting up Prometheus Operator. See the Prometheus Operator guide for details.

Upgrading Nextcloud

To upgrade Nextcloud to a newer version, update the Helm chart repository and upgrade the release. For more information about Helm upgrades and rollbacks, see the Working with Helm guide:

helm repo update
helm upgrade nextcloud nextcloud/nextcloud \
  --namespace nextcloud \
  --values values.yaml

Backup Before Upgrades

Always create backups of both the database and file storage before upgrading Nextcloud. This ensures you can roll back if the upgrade causes issues.

Summary

Deploying Nextcloud on Thalassa Cloud Kubernetes using Helm and Cloud Native PostgreSQL provides a production-ready file sharing and collaboration platform. The Helm chart simplifies deployment, Cloud Native PostgreSQL provides reliable database management, and Thalassa Cloud’s infrastructure features ensure high performance and availability.

By following this guide, you’ve set up Nextcloud with persistent storage, high-availability database, Redis caching, and proper backup configuration. This foundation supports a reliable Nextcloud deployment that can scale with your needs.

For more information about Nextcloud features and configuration, see the official Nextcloud documentation. For details about the Helm chart, see the Nextcloud Helm chart repository.

Deploy Keycloak