HA Nextcloud with Kubernetes
Deploy Nextcloud on Kubernetes Cluster
We are an infrastructure and cloud-agnostic integrator of the components (compute, storage, networking, access management) that enterprises require to robustly deploy a highly available instance of Nextcloud on a Kubernetes cluster.
The latest versions of Nextcloud Hub support “cloud native” modes of deployment using Helm charts and Kubernetes objects such as CSI Volumes, Ingress, and Secrets. The entire deployment is defined by YAML so it can be easily maintained or even migrated to another environment if needed.
The Kubernetes CSI driver support greatly simplifies integrating the primary storage of Nextcloud with provider-managed services like Amazon EFS or Azure Files, or enterprise storage solutions such as NetApp Cloud Volumes ONTAP over the NFS/CIFS protocols. It is also possible to mount a volume from an OpenZFS-based NAS, such as TrueNAS, or a CephFS persistent volume on a Ceph cluster as the storage for Nextcloud – a common use case in on-prem or traditional hosting environments. For lower IOPS (bulk storage) use cases, Nextcloud can also use S3-compatible primary storage, including self-hosted MinIO or OpenStack Swift.
When you scale out to multiple replicas of Nextcloud, it is critical that your load balancer and session store can correctly manage user sessions. Our implementation, which uses NGINX or HAProxy ingress controllers and a Redis key-value store, ensures that users can reliably reach Nextcloud and its companion applications, such as Collabora Office, no matter which Kubernetes node serves their request. It does so without workarounds such as sticky sessions, which can result in uneven utilization of nodes.
Security is not an afterthought either. The Nextcloud Helm chart can optionally consume external secrets synced from password vaults including 1Password, HashiCorp Vault, or Passbolt, making it easy to periodically rotate secrets as a best practice. It also eliminates the possibility that sensitive passwords, such as database credentials or API tokens, are accidentally pushed to a public repo or storage bucket.
Certificate management is automated by Kubernetes cert-manager, integrating with a list of DNS providers (Azure DNS, Cloudflare, Route53) and certificate authorities like Let’s Encrypt to prevent downtime from expired certificates. The NGINX and HAProxy ingress annotations that we use are updated for the latest TLS versions and secure cipher suites, scoring top ratings on SSL tests such as HTBridge and Qualys SSL Test.
Start with any CNCF-certified Kubernetes distribution in the cloud, co-located, or on-prem environment of your choice. If desired, we can recommend a cloud or datacenter provider that meets your data residency requirements. Contact our team of Nextcloud architects for more details about our highly available Nextcloud solution on Kubernetes and how it can integrate with your IT environment.
Cloud Native Technologies We Integrate with Nextcloud
Compatible Cloud Providers for Nextcloud on Kubernetes
- Amazon Web Services – with Amazon EFS, FSx, or S3
- Microsoft Azure – with Azure Files storage
- Google Cloud Platform – with Google Filestore
- Oracle Cloud – with Oracle File Storage Service
- DigitalOcean – with Block (Ceph) or Object Storage
- Akamai Cloud (formerly Linode) – with Block or Object Storage
- OVHcloud – with HA-NFS or NetApp ONTAP
- Scaleway – with Block or Object Storage
- and other managed Kubernetes and enterprise storage providers
Autoize LLC is not an affiliate or partner of Nextcloud GmbH, the developers of Nextcloud. We are an independent company providing consulting & support for the open-source, community edition of Nextcloud.