helm
helm copied to clipboard
nextcloud
Helmchart generates and uses default secret despite existingSecret.enabled set to true
Describe your Issue
I have the helmchart (verison 3.4.5) set up like this:
nextcloud:
existingSecret:
enabled: true
secretName: nextcloud-credentials
usernameKey: nextcloud-username
passwordKey: nextcloud-password
smtpUsernameKey: smtpUsername
smtpPasswordKey: smtpPassword
I also have a secret setup in the target namespace:
kubectl create secret generic nextcloud-credentials -n nextcloud --from-literal=nextcloud-username=mohl --from-literal=nextcloud-password=nextcloud12345678 --from-literal=smptUsername=asdfasdf --from-literal=smptPassword=qwerqwer
I'd expect nextcloud to use this secret, yet when installing the helmchart I found that nextcloud instead generates a secret called "nextcloud" in the target namespace and uses the credentials put there instead of the existing secret.
Logs and Errors
nextcloud-cron crond: crond (busybox 1.30.1) started, log level 0
nextcloud-cron crond: user:www-data entry:(null)
nextcloud-cron 100001000010000100001000010000100001000010000100001000010000
nextcloud-cron 111111111111111111111111
nextcloud-cron 11111111111111111111111111111111
nextcloud-cron 111111111111
nextcloud-cron 1111111
nextcloud-cron crond: user:www-data entry:(null)
nextcloud-cron 100001000010000100001000010000100001000010000100001000010000
nextcloud-cron 111111111111111111111111
nextcloud-cron 11111111111111111111111111111111
nextcloud-cron 111111111111
nextcloud-cron 1111111
nextcloud-cron crond: wakeup dt=32
nextcloud-cron crond: file www-data:
nextcloud-cron crond: line php -f /var/www/html/cron.php
nextcloud-cron crond: job: 0 php -f /var/www/html/cron.php
nextcloud-cron crond: child running /bin/bash
nextcloud-cron crond: USER www-data pid 7 cmd php -f /var/www/html/cron.php
nextcloud-cron Exception: Not installed in /var/www/html/lib/base.php:284
nextcloud-cron Stack trace:
nextcloud-cron #0 /var/www/html/lib/base.php(680): OC::checkInstalled(Object(OC\SystemConfig))
nextcloud-cron #1 /var/www/html/lib/base.php(1144): OC::init()
nextcloud-cron #2 /var/www/html/cron.php(43): require_once('/var/www/html/l...')
nextcloud-cron #3 {main}
nextcloud-cron crond: wakeup dt=10
nextcloud Configuring Redis as session handler
nextcloud Initializing nextcloud 25.0.3.2 ...
nextcloud New nextcloud instance
nextcloud Installing with SQLite database
nextcloud Starting nextcloud installation
nextcloud Nextcloud was successfully installed
nextcloud Setting trusted domains…
nextcloud System config value trusted_domains => 1 set to string nextcloud.kube.home
nextcloud Initializing finished
nextcloud AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.42.0.161. Set the 'ServerName' directive globally to suppress this message
nextcloud AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.42.0.161. Set the 'ServerName' directive globally to suppress this message
nextcloud [Sat Feb 11 09:05:21.735397 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.54 (Debian) PHP/8.1.15 configured -- resuming normal operations
nextcloud [Sat Feb 11 09:05:21.735446 2023] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:24 +0000] "GET /status.php HTTP/1.1" 200 1824 "-" "kube-probe/1.25"
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:24 +0000] "GET /status.php HTTP/1.1" 200 1824 "-" "kube-probe/1.25"
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:34 +0000] "GET /status.php HTTP/1.1" 200 1822 "-" "kube-probe/1.25"
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:34 +0000] "GET /status.php HTTP/1.1" 200 1826 "-" "kube-probe/1.25"
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:44 +0000] "GET /status.php HTTP/1.1" 200 1824 "-" "kube-probe/1.25"
nextcloud 10.42.0.1 - - [11/Feb/2023:09:05:44 +0000] "GET /status.php HTTP/1.1" 200 1830 "-" "kube-probe/1.25"
Describe your Environment
-
Kubernetes distribution: k3s
-
Helm Version: 3.10.1
-
Helm Chart Version: 3.4.5
-
values.yaml:
nextcloud:
existingSecret:
enabled: true
secretName: nextcloud-credentials
usernameKey: nextcloud-username
passwordKey: nextcloud-password
smtpUsernameKey: smtpUsername
smtpPasswordKey: smtpPassword
ingress:
enabled: true
ingressClassName: traefik
annotations:
path: /nextcloud
internalDatabase:
enabled: true
cronjob:
enabled: true
hpa:
enabled: false
redis:
enabled: true
persistence:
enabled: false
startupProbe:
enabled: true
rbac:
enabled: true
metrics:
enabled: true
https: true
serviceMonitor:
enabled: true
namespace: "monitoring"
Sorry Mohl for the delay. I'm also using k3s and the same nextcloud.existingSecret parameters, and I'm unable to reproduce this 🤔
If anyone else in the community has any suggestions, I'm happy to take a further look and/or rubber duck on this.
oh wait, @Mohl , I just gave this another look and realized that your values.yaml indentation is off. ingress, internalDatabase and I believe everything else should be unindented.
nextcloud:
host: nextcloud.example.com
## Use an existing secret
existingSecret:
enabled: false
secretName: nameofsecret
usernameKey: nextcloud-username
passwordKey: nextcloud-password
smtpUsernameKey: smtp-username
smtpPasswordKey: smtp-password
update: 0
# everything else should be unindented like this
ingress:
enabled: true
ingressClassName: traefik
annotations:
path: /nextcloud
internalDatabase:
enabled: true
cronjob:
enabled: true
hpa:
enabled: false
redis:
enabled: true
persistence:
enabled: false
startupProbe:
enabled: true
rbac:
enabled: true
metrics:
enabled: true
https: true
serviceMonitor:
enabled: true
namespace: "monitoring"
You can use the default values.yaml found here for reference: https://github.com/nextcloud/helm/blob/main/charts/nextcloud/values.yaml
Additonal things to try
- Use the latest helm chart version (
4.2.0at time of writing) - set the
nextcloud.hostparameter - try using
image.flavor=fpmandnginx.enabled=true
Let me know if any of that helps.
I'm going to close this as it's been over six months without a response, but if you're still having trouble, please just respond and we can reopen this issue. You can also open a new Issue and we're happy to help :)