Roadmap

This page summarises the upcoming operator features. The authoritative, implementation-facing documents live under docs/roadmap/ in the repository.

Foundation

These enable several later features and also improve the day-to-day UX on their own.

  • Extra volume pass-through — First-class spec.extraVolumes / spec.extraVolumeMounts so ConfigMaps, Secrets, and PVCs can be mounted into the Nextcloud container without reaching into spec.helm.values. Prerequisite for the user-template pipeline.
  • Declarative settings API — New spec.settings.system[] and spec.settings.app[] drive occ config:system:set / occ config:app:set with secret references, type coercion, and automatic unset-on-remove.

Customization

Customizations that are typically uniform across tenants and defined once per profile, but remain overridable per instance.

  • Theming — New spec.theming wraps occ theming:config: name, slogan, URL, primary color, legal URLs, logo, and background image. Profile-defaultable.
  • App version pinning — Extend spec.apps.* (typed and custom) with an optional version field so marketplace apps can be pinned to known-good releases.
  • User template (NextcloudUserTemplate) — New cluster-scoped CRD that references content stored as an OCI artifact; the operator injects an init container to pull and extract it, mounts it into the Nextcloud pod, and configures skeletondirectory via occ.
  • Admin (settings) delegation — Declarative spec.adminDelegation.groups[] wraps Nextcloud's settings delegation so named groups can administer a scoped subset of admin panels without full admin privileges.
  • TeamFolders (groupfolders) — Extend spec.apps.groupfolders with folders[] (names, member groups, permissions, quotas, ACL) and add spec.groups[] for declarative group lifecycle, so TeamFolders can be fully provisioned from YAML.

New APIs

  • NextcloudCommand CRD — Namespaced CRD that triggers a one-off occ command sequence against a Nextcloud / NextcloudInstance. Per-command results land in status. A thin HTTP companion provides synchronous UX by holding the client connection for 30–60 seconds. Webhook callbacks are a planned follow-up.

Quality / Verification

  • ~~OIDC patch verification~~ — Shipped in v0.15.0. An on_update integration test now covers OIDC reconciliation on patch so regressions are caught automatically.

Design constraints

  • Customization is not solved by custom container images. The operator does not expect per-tenant Nextcloud images. All customization flows through declarative APIs (volume mounts, occ commands, CRDs). spec.image remains as a narrow escape hatch only.
  • Profile-first defaults. Items typically uniform across tenants (theming, user template, admin delegation) naturally live in a NextcloudProfile and cascade down.
  • Idempotent reconciles. Every feature composes occ commands into the Helm before-starting hook; the operator re-applies them on every reconcile and tracks what it owns in status so removals can emit the correct delete / cleanup sequence.
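
The idempotent-reconcile and unset-on-remove behaviour described above, sketched as an added example (not the operator's own code). The item fields (name, value, secretRef, type), the function names, and the assumption that the hook is a shell script are all hypothetical; only the occ subcommands are real.

```python
import shlex

ALLOWED_TYPES = ("string", "integer", "boolean")  # subset of occ's --type values

def coerce(name, value, kind):
    """Turn a YAML value into the text occ expects for the given --type."""
    if kind not in ALLOWED_TYPES:
        raise ValueError(f"{name}: unsupported type {kind!r}")
    if kind == "boolean":
        text = str(value).strip().lower()  # bool("false") would be True
        if text not in ("true", "false"):
            raise ValueError(f"{name}: not a boolean: {value!r}")
        return text
    return str(int(value)) if kind == "integer" else str(value)

def plan_system_settings(desired, owned, secrets):
    """Plan one reconcile. desired: assumed spec.settings.system[] items;
    owned: key names stored in status last time; secrets: resolved refs.
    Returns (hook_lines, new_owned)."""
    lines, new_owned = [], []
    for item in desired:
        name, kind = item["name"], item.get("type", "string")
        raw = secrets[item["secretRef"]] if "secretRef" in item else item["value"]
        # Quote every operand: the values end up in a shell hook script.
        lines.append("occ config:system:set {} --type={} --value={}".format(
            shlex.quote(name), kind, shlex.quote(coerce(name, raw, kind))))
        new_owned.append(name)  # names only, so no secret value reaches status
    # Unset-on-remove touches only keys this operator set earlier.
    for name in sorted(set(owned) - set(new_owned)):
        lines.append("occ config:system:delete " + shlex.quote(name))
    return lines, new_owned

if __name__ == "__main__":
    # Constructed sample input, not taken from the project.
    spec = [{"name": "maintenance_window_start", "value": 1, "type": "integer"},
            {"name": "mail_smtppassword", "secretRef": "smtp"}]
    lines, owned = plan_system_settings(
        spec, ["default_phone_region"], {"smtp": "p'w; id"})
    print("\n".join(lines))
```

Feeding the returned key list back in as owned on the next reconcile yields the same set commands and no deletes; keys that were set by hand and never recorded in status are left alone.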

Status and scheduling

Per-feature status, dependency ordering, and implementation details are tracked in docs/roadmap/README.md. Features are implemented and shipped independently as separate pull requests; there is no single "roll-up" release.