nextcloud
| Field | Value |
|---|---|
| Service | nextcloud |
| Purpose | Self-hosted collaboration, file sync, and cloud storage service |
| Criticality | Tier 2 |
| Owner | Application / platform owner |
| Clusters | dev, local |
| Namespace | nextcloud |
| Exposure | internet |
| Stateful | yes |
| Backup class | app-native |
| RPO / RTO | Daily backup target, 4 to 8 hours to restore |
| Last reviewed | 2026-05-20 |
1. Service Overview
Nextcloud provides user-facing file synchronization and collaboration workflows backed by MySQL, Redis, and multiple persistent volumes.
Summary
If it fails, file access and collaboration stop and user data is at risk until application, DB, and storage are recovered.
Dependencies
| Dependency | Type | Why it matters |
|---|---|---|
| MySQL | database | Stores primary application state |
| Redis | cache / locking | Required for performant and safe file operations |
| Traefik and Authelia | ingress and auth | Public HTTPS path and access control |
2. Architecture Diagram
[Browser / sync client]
-> [Traefik]
-> [Nextcloud]
-> [MySQL]
-> [Redis]
-> [PVC-backed application storage]
3. Deployment Specifications
| Item | Value |
|---|---|
| Source path | nextcloud/base and nextcloud/overlays/* |
| Deployment model | Kustomize plus Fleet bundle |
| Namespace | nextcloud |
| Workload kind | Deployment plus database and cache workloads |
| Chart or image version | See base manifests for current image tags |
| Config files | base/kustomization.yaml, overlays/dev, overlays/local, fleet.yaml |
Cluster mapping
| Cluster | Overlay path | Notes |
|---|---|---|
| dev | nextcloud/overlays/dev | Development deployment |
| local | nextcloud/overlays/local | Main local-cluster deployment |
4. Configuration Guide
Environment variables
| Variable | Source | Purpose | Secret? |
|---|---|---|---|
| Nextcloud runtime settings | overlay env files, Secrets, and manifests | Application bootstrap, DB, cache, and SMTP settings | mixed |
ConfigMaps
| Resource | Path | Purpose |
|---|---|---|
| Nextcloud runtime config | nextcloud/base and nextcloud/overlays/* | Configures trusted domains and environment-specific behavior |
Secrets management
- Secret names: app secrets, DB credentials, cache credentials, and SMTP credentials in the nextcloud namespace
- Source of truth: overlay secret inputs and generated manifests
- Rotation trigger: credential updates or security response
- Recovery note: restore all required secrets before restarting the app
5. Access Protocols
| Path | URL or endpoint | Audience | Auth | TLS terminates at |
|---|---|---|---|---|
| Internal | Nextcloud service in the nextcloud namespace | Cluster workloads | namespace RBAC | Traefik / Nextcloud |
| External | https://cloud.mutana.fr | End users | Nextcloud auth plus optional Authelia controls | Traefik |
6. Operations and Observability
- Primary health indicators: app pod healthy, MySQL and Redis healthy, and external file access working.
- Dashboards or alerts: shared cluster monitoring and PVC health.
- Log locations: Nextcloud app logs, MySQL logs, and Redis logs.
- Known failure modes: DB migrations, lock/cache issues, PVC attach failure, or ingress problems.
7. Backup and Recovery Notes
- Backup method: database backup plus file-data snapshot and secret backup.
- Restore prerequisites: restored DB, restored data volume, and runtime secrets.
- Related runbook: ../runbooks/nextcloud.md
8. Release and Change Notes
- Current deployed app version: see nextcloud/base image tags.
- Current chart version: N/A.
- Last significant change: repository documentation updated for the current dev and local overlays and their supporting environment inputs.
- Rollback reference: previous overlay revision in Git.