Introduction: A Sovereign Alternative to Google Workspace and Microsoft 365
Nextcloud has established itself as the reference solution for self-hosted collaboration. Beyond simple file storage, Nextcloud offers a complete suite of services: calendar, contacts, task management, and real-time communication. When combined with Collabora Online, you gain a full office suite with collaborative document editing capabilities.
For organizations concerned with data sovereignty and GDPR compliance, this combination represents a robust alternative to Google Workspace or Microsoft 365. And when you deploy it on Kubernetes via Hikube, you gain the scalability, resilience, and flexibility that only container orchestration can provide.
This guide walks you through deploying this architecture on Hikube, Hidora's managed Kubernetes platform.
Why Kubernetes for Nextcloud + Collabora?
Three key reasons motivate a Kubernetes deployment over a simple virtual machine instance.
Elastic Scalability
With Kubernetes, you scale resources according to demand. Nextcloud and Collabora pods replicate horizontally. During traffic spikes, new pods start automatically. Once the peak passes, they scale down. You pay only for consumed resources.
Resilience and High Availability
Kubernetes ensures your services remain available even when nodes fail. Pods are automatically restarted. Updates occur without service interruption through rolling update strategies. Your critical collaboration data experiences no downtime.
Simplified Update Management
Through Helm charts, Nextcloud and Collabora updates become predictable and testable. You precisely control deployed versions and can rollback to a previous version in seconds if needed.
Architecture Deployed on Hikube
Here are the components of our Kubernetes architecture:
Frontend Tier
- Ingress Controller: Manages external HTTP/HTTPS access with automated TLS certificates
- Nextcloud Pods: Multiple replicas for load balancing
- Collabora Online Pods: Scalable document editing service
Application Tier
- Nextcloud Service: ClusterIP exposing Nextcloud replicas
- Collabora Service: ClusterIP for intra-cluster communication
- ConfigMaps: Configuration storage for Nextcloud
- Secrets: Sensitive data (credentials, API keys)
Data Tier
- PostgreSQL StatefulSet: Relational database with persistence
- Redis Cache: Improves session and caching performance
- Persistent Volumes (PV): Storage for Nextcloud files
- Persistent Volume Claims (PVC): Storage requests for data
Hidora provides managed Persistent Volumes across its distributed storage infrastructure, ensuring durability and resilience.
Deployment via Helm Charts
Helm is Kubernetes's package manager. Helm charts encapsulate all necessary configuration.
Installing Prerequisites
Start by initializing your Hikube context:
kubectl config use-context hikube-cluster
kubectl create namespace nextcloud
Adding Helm Repositories
helm repo add nextcloud https://nextcloud.github.io/helm/
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
Configuring Helm Values
Create a values-nextcloud.yaml file:
replicaCount: 3
image:
repository: nextcloud
tag: "28.0"
nextcloud:
host: nextcloud.your-domain.ch
username: admin
password: change-me
persistence:
enabled: true
storageClass: "hikube-fast"
size: 100Gi
redis:
enabled: true
auth:
enabled: true
password: redis-secure-password
postgresql:
enabled: true
postgresqlPassword: postgres-secure-password
primary:
persistence:
enabled: true
size: 50Gi
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: nextcloud.your-domain.ch
paths:
- path: /
pathType: Prefix
tls:
- secretName: nextcloud-tls
hosts:
- nextcloud.your-domain.ch
Deploying Nextcloud
helm install nextcloud nextcloud/nextcloud \
-n nextcloud \
-f values-nextcloud.yaml
Configuring Collabora Online
For Collabora Online, use the official chart:
helm repo add collabora https://collaboraonline.github.io/helm-collabora-online
helm repo update
Create values-collabora.yaml:
replicaCount: 2
image:
tag: "24.04"
persistence:
enabled: true
size: 20Gi
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 1000m
memory: 1Gi
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: collabora.your-domain.ch
paths:
- path: /
pathType: Prefix
tls:
- secretName: collabora-tls
hosts:
- collabora.your-domain.ch
Deploy:
helm install collabora collabora/collabora-online \
-n nextcloud \
-f values-collabora.yaml
Connecting Nextcloud to Collabora
After both services are running, you need to configure Nextcloud to use Collabora as its office document editor. Install the "Nextcloud Office" app (formerly Collabora Online) from the Nextcloud app store through the admin interface.
Navigate to Administration Settings > Nextcloud Office and set the Collabora Online server URL to https://collabora.your-domain.ch. Enable the "Use your own server" option. Nextcloud will test the connection and confirm that Collabora is reachable.
For environments where both services run in the same Kubernetes cluster, you can also use the internal ClusterIP service address (http://collabora-collabora-online.nextcloud.svc.cluster.local:9980) to avoid routing traffic through the public ingress. This reduces latency and keeps document editing traffic entirely within the cluster network.
To verify the integration, create a new document directly from the Nextcloud Files interface. The Collabora editor should open inline, allowing real-time collaborative editing. Test with multiple users simultaneously to confirm that changes sync correctly and that WebSocket connections are stable through your ingress configuration.
Persistent Volumes on Hikube
Hikube offers multiple storage classes optimized for different use cases.
For Nextcloud Files (frequent read/write, high availability)
Use hikube-fast, based on replicated SSD with node failure protection.
For PostgreSQL (intensive sequential access)
Use hikube-general, offering good balance between performance and cost with replication.
Configuring PVCs
Hikube automatically creates Persistent Volumes when launching Helm charts. Monitor their usage:
kubectl get pvc -n nextcloud
kubectl describe pvc nextcloud-nextcloud -n nextcloud
To dynamically increase size without interruption:
kubectl patch pvc nextcloud-nextcloud -n nextcloud \
-p '{"spec":{"resources":{"requests":{"storage":"200Gi"}}}}'
Ingress Configuration with TLS
Hikube includes an Nginx Ingress Controller and cert-manager for automatic Let's Encrypt certificates.
To enable HTTPS:
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@your-domain.ch
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
EOF
Verify certificates:
kubectl get certificate -n nextcloud
Scaling and Performance Optimization
Horizontal Scaling
Adjust Nextcloud replicas based on your load:
kubectl scale deployment nextcloud --replicas=5 -n nextcloud
Or via Helm:
helm upgrade nextcloud nextcloud/nextcloud \
-n nextcloud \
--set replicaCount=5 \
-f values-nextcloud.yaml
Autoscaling with HPA
For automatic scaling based on CPU load:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: nextcloud-hpa
namespace: nextcloud
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: nextcloud
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
Resource Optimization
For optimal collaboration, Hikube lets you adjust resource limits:
kubectl set resources deployment nextcloud \
--limits=cpu=2,memory=2Gi \
--requests=cpu=500m,memory=512Mi \
-n nextcloud
Collabora Online, resource-intensive for document editing, benefits from minimum 2 CPU and 2 GB RAM per pod.
Monitoring Your Deployment
A production Nextcloud + Collabora deployment needs active monitoring. Without visibility into pod health and resource consumption, performance issues go undetected until users complain.
Deploy Prometheus and Grafana in your cluster to collect metrics from both Nextcloud and Collabora pods. Nextcloud exposes health endpoints at /status.php and /ocs/v2.php/apps/serverinfo/api/v1/info that return JSON data on active users, storage usage and server load. Configure Prometheus to scrape these endpoints at regular intervals.
For Collabora, monitor the number of active document editing sessions, memory consumption per session and WebSocket connection counts. Collabora tends to consume significant memory when many users edit large spreadsheets simultaneously. Set alerts for when memory usage exceeds 80% of pod limits, so you can scale Collabora replicas before users experience degradation.
On Hikube, you can also leverage the built-in monitoring stack to track persistent volume usage. Running out of storage on your Nextcloud PVC is a preventable outage. Configure alerts when volume usage crosses 75%, giving your team time to expand the PVC before it fills completely.
Deployment Best Practices for Production Readiness
Before going live with Nextcloud and Collabora in production, a few operational practices will save you significant troubleshooting time. First, always pin your Helm chart versions and container image tags explicitly. Using latest or unpinned chart versions means that a routine helm upgrade could introduce breaking changes without warning. Lock your versions in your values.yaml files and only upgrade deliberately after testing in a staging namespace.
Second, configure Pod Disruption Budgets (PDBs) for both Nextcloud and Collabora deployments. A PDB ensures that Kubernetes never voluntarily evicts all your replicas simultaneously during node maintenance or cluster upgrades. For a three-replica Nextcloud deployment, setting minAvailable: 2 guarantees that at least two pods remain running at all times, preventing user-visible interruption during rolling updates or node drains.
Third, implement proper liveness and readiness probes. Nextcloud's /status.php endpoint is well-suited as a readiness probe target. If a Nextcloud pod fails to respond to the readiness check, Kubernetes automatically removes it from the service's load balancer, preventing users from being routed to an unhealthy instance. For Collabora, use the /hosting/capabilities endpoint as your readiness probe to confirm the document editing service is fully initialized before accepting traffic.
Compliance and Data Sovereignty
GDPR and Swiss Hosting
Your data remains hosted in Switzerland on Hidora's infrastructure. No third party accesses it. You maintain full control over access and user permissions.
Backups and Recovery
Hikube integrates Persistent Volume snapshots. Configure a backup policy:
kubectl apply -f - <<EOF
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
name: nextcloud-backup
namespace: nextcloud
spec:
volumeSnapshotClassName: hikube-snapshoter
source:
persistentVolumeClaimName: nextcloud-nextcloud
EOF
Audit and Logging
Enable Hikube audit logs to trace all access and modifications. Integrate with your SIEM system for continuous compliance.
Next Steps and Support
Deploying Nextcloud with Collabora Online on Kubernetes requires expertise and attention to detail. Certificate configuration, performance optimization, persistent volume management, monitoring, and automatic scaling form a non-trivial technical set.
Hikube simplifies Kubernetes infrastructure, but application configuration remains your responsibility. This is where our consulting services and our managed services deliver immense value.
Hidora can help you:
- Design optimal architecture for your collaboration needs
- Configure and deploy Nextcloud + Collabora on Hikube
- Establish high availability and backup strategies
- Optimize performance for your user load
- Manage secure updates
- Ensure GDPR and sovereignty compliance
Contact our team for a free consultation on your sovereign collaboration project.
CEO & Co-founder
Founder of Hidora, passionate about cloud-native and Swiss digital sovereignty. 15+ years in the cloud ecosystem.
