Fresh installation default config.php and additional configs don't work as expected together
Describe your Issue
I try to install a new Nextcloud instance by using this helm chart and what I want to achieve is to use the default installation behaviour with autoconfig so that I don't have to create my own config.php. For that I thought I can just add my "custom" or "additional" configurations to the configs part of the helm chart.
Expected State
ls /var/www/html/config
- config.php -> Exists in the folder with the default value
- custom.config.php -> Exists besides all the other default configs AND config.php too.
Current State
ls /var/www/html/config
- config.php -> Does not exist anymore
- custom.config.php -> Exists besides all the other default configs but config.php is gone
The thing is when
The problem is I just try to customise a few additional parameters at initial startup. To avoid these warnings and wrong configured alerts in the administration panel:
I also already tried to just create my own config.php and mount that with the configs setting of the helm chart. But when I do this then the config.php is not writable, which makes sense, but it has to be writable because of a few parameters that have to be updated by Nextcloud during installation and later during upgrades:
<?php
$CONFIG = array (
  'passwordsalt' => 'SUPERSALT',
  'secret' => 'SUPERSECRET',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nextcloud.domain',
  ),
  'datadirectory' => '/var/www/html/data',
  'trusted_proxies' => ['10.43.0.0/16'],
  'default_phone_region' => 'CH',
  'version' => '27.0.2.1', // Has to be writable for Nextcloud
  'overwrite.cli.url' => 'http://localhost',
  'dbtableprefix' => 'oc_',
  'installed' => false, // Has to be writable for Nextcloud and must persist
  'instanceid' => '12345',
);
So this is also not the way to go. I also already tried mounting my own additional volumes and volume mounts and mounting my custom config from a ConfigMap. But then the whole /var/www/html/config will stay empty.
So now my question: is this really expected behaviour? If yes, how can you just easily add some additional Nextcloud settings into this folder without destroying the whole auto install mechanism of this Nextcloud Helm Chart?
Environment
- Kubernetes distribution: rke2
- Helm Version (or App that manages helm): helm version 3.11.1
- Helm Chart Version: 4.3.1
- values.yaml:
# Define the EXACT nextcloud image
image:
  repository: nextcloud
  tag: 27.0.2-fpm
  pullPolicy: IfNotPresent
# Number of replicas to be deployed
replicaCount: 1
# Cronjob fix: https://github.com/nextcloud/helm/issues/55
lifecycle:
  postStartCommand:
    - "sh"
    - "-c"
    - "apt-get update && apt-get install -y openrc && start-stop-daemon --start --background --pidfile /cron.pid --exec /cron.sh"
# Resources to be allocated to a single pod
resources:
  requests:
    cpu: 2
    memory: 1Gi # 4Gi
  limits:
    cpu: 4
    memory: 2Gi # 4Gi
# Enable persistence using PVC
persistence:
  enabled: true
  size: 16Gi
  nextcloudData:
    enabled: true
    size: 32Gi # Can be extended later
# Main nextcloud configuration
nextcloud:
  host: "<INSTANCE-HOST>"
  username: admin
  password: "<INSTANCE-ADMIN-PASSWORD>"
  phpConfigs:
    www.conf: |-
      [www]
      user = www-data
      group = www-data
      listen = 127.0.0.1:9000
      pm = dynamic
      pm.max_children = 128
      pm.start_servers = 32
      pm.min_spare_servers = 32
      pm.max_spare_servers = 96
  # HERE IS THE ISSUE WITH THESE CUSTOM OR ADDITIONAL CONFIGS
  configs:
    custom.config.php: |-
      <?php
      $CONFIG = array (
        'default_phone_region' => 'CH',
        'trusted_proxies' => ['10.43.0.0/16'],
      );
  strategy:
    type: Recreate
# Deactivate internal sqlite database
internalDatabase:
  enabled: false
# Use external postgresql database
externalDatabase:
  enabled: true
  type: postgresql
  host: postgresql
  user: nextcloud
  password: "<POSTGRESQL-USER-PASSWORD>"
  database: nextcloud
# Configure nginx sidecar for FPM
nginx:
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent
  resources:
    requests:
      cpu: 0.375
      memory: 256Mi
    limits:
      cpu: 1
      memory: 256Mi
  updateStrategy:
    type: Recreate
## PostgreSQL chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
postgresql:
  enabled: true
  image:
    tag: 15.4.0-debian-11-r45
  auth:
    postgresPassword: "<POSTGRESQL-ROOT-PASSWORD>"
    username: nextcloud
    password: "<POSTGRESQL-USER-PASSWORD>"
    database: nextcloud
  primary:
    persistence:
      enabled: true
      size: 16Gi
    resources:
      requests:
        cpu: 2
        memory: 1Gi # 4Gi
      limits:
        cpu: 4
        memory: 2Gi # 4Gi
## Redis chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
redis:
  enabled: true
  architecture: "standalone"
  commonConfiguration: |-
    # Disable appendonly
    appendonly no
  auth:
    enabled: true
    password: "<REDIS-PASSWORD>"
  master:
    persistence:
      enabled: false
    resources:
      requests:
        cpu: 1
        memory: 512Mi # 2Gi
      limits:
        cpu: 2
        memory: 1Gi # 2Gi
## Prometheus Exporter / Metrics
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
  resources:
    requests:
      cpu: 0.25
      memory: 256Mi
    limits:
      cpu: 0.5
      memory: 256Mi
# Ingress Configuration
ingress:
  enabled: true
  annotations:
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/server-snippet: |-
      server_tokens off;
      proxy_hide_header X-Powered-By;
      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      location = /.well-known/webfinger {
        return 301 $scheme://$host/index.php/.well-known/webfinger;
      }
      location = /.well-known/nodeinfo {
        return 301 $scheme://$host/index.php/.well-known/nodeinfo;
      }
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        deny all;
      }
  tls:
    - secretName: "<INGRESS-SECRET-NAME>"
      hosts:
        - "<INSTANCE-HOST>"
I have the same exact issue. I posted an issue a few months ago, hopefully it gets resolved soon.
It looks like we don't include the default config.php in the configs you can enable/disable: https://github.com/nextcloud/helm/blob/b2ecbb86314a0a42cf5024c799d39e035705d0fc/charts/nextcloud/values.yaml#L107-L124
And it's not in the default configs in the actual configmap either: https://github.com/nextcloud/helm/blob/main/charts/nextcloud/templates/config.yaml
We actually define the volume mounts in the _helpers.tpl, but I find this a little bit confusing because it sort of looks like we define this three times, once here: https://github.com/nextcloud/helm/blob/b2ecbb86314a0a42cf5024c799d39e035705d0fc/charts/nextcloud/templates/_helpers.tpl#L258-L260
and once here always and a possible third time here if you pass in nextcloud.configs: https://github.com/nextcloud/helm/blob/b2ecbb86314a0a42cf5024c799d39e035705d0fc/charts/nextcloud/templates/_helpers.tpl#L270-L282
What I'm a bit confused about is what is generally in the config.php outside of the default files listed here: https://github.com/nextcloud/docker/tree/master/27/apache/config
@SwitzerChees or @melbruki Could you let me know which values you want to make sure are present?
I just landed on this issue, I'm here because my install is complaining about the default_phone_region not being set which is required for Talk and part of the base config.php - I also see that was one of the settings the OP was trying to correct.
facing this issue.
I have the same problem, I mean the config.php file is not filled.
I'm also under RKE2.
Here is my configuration:
image:
  repository: nextcloud
  tag: 29.0.0-fpm
  pullPolicy: IfNotPresent
  pullSecrets:
    - private-registries
ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/server-snippet: |
      server_tokens off;
      proxy_hide_header X-Powered-By;
      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        deny all;
      }
  tls:
    - secretName: nextcloud.xxxxxxxxxxxxxxxx.fr-tls
      hosts:
        - nextcloud.xxxxxxxxxxxxxxxx.fr
nextcloud:
  host: nextcloud.xxxxxxxxxxxxxxxx.fr
  username: xxxxxxxxxxxxxxxx
  password: xxxxxxxxxxxxxxxx
  containerPort: 8080
  mail:
    enabled: true
    fromAddress: xxxxxxxxxxxxxxxx.fr
    domain: xxxxxxxxxxxxxxxx.fr
    smtp:
      host: smtp-relay.brevo.com
      secure: ssl
      port: 587
      authtype: LOGIN
      name: xxxxxxxxxxxxxxxx
      password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  phpConfigs:
    www.conf: |-
      [www]
      user = www-data
      group = www-data
      listen = 127.0.0.1:9000
      pm = dynamic
      pm.max_children = 128
      pm.start_servers = 32
      pm.min_spare_servers = 32
      pm.max_spare_servers = 96
  defaultConfigs:
    .htaccess: true
    redis.config.php: true
    apache-pretty-urls.config.php: true
    apcu.config.php: true
    apps.config.php: true
    autoconfig.php: true
    smtp.config.php: true
  configs:
    custom.config.php: |-
      <?php
      $CONFIG = array (
        'default_phone_region' => 'FR',
        'trusted_proxies' => ['10.43.0.0/16'],
      );
    s3.config.php: |-
      <?php
      $CONFIG = array (
        'objectstore' => [
          'class' => '\\OC\\Files\\ObjectStore\\S3',
          'arguments' => [
            'hostname' => 'oos.eu-west-2.outscale.com',
            'port' => 443,
            'bucket' => 'my-nextcloud-bucket',
            'autocreate' => true,
            'key' => 'xxxxxxxxxxxxxxxx',
            'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
            'use_ssl' => true,
            'use_path_style' => true,
          ],
        ],
      );
    logging.config.php: |-
      <?php
      $CONFIG = array (
        'log_type' => 'file',
        'logfile' => 'nextcloud.log',
        'loglevel' => 0,
        'logdateformat' => 'F d, Y H:i:s'
      );
  strategy:
    type: Recreate
nginx:
  enabled: true
  image:
    repository: nginxinc/nginx-unprivileged
    tag: 1.25.5-bookworm
    pullPolicy: IfNotPresent
  containerPort: 8080
  config:
    default: true
redis:
  enabled: true
  architecture: standalone
  commonConfiguration: |-
    # Disable appendonly
    appendonly no
  auth:
    enabled: true
    password: xxxxxxxxxxxxxxxx
  master:
    persistence:
      enabled: false
    resources:
      requests:
        cpu: 1
        memory: 512Mi
      limits:
        cpu: 2
        memory: 2Gi
internalDatabase:
  enabled: false
externalDatabase:
  enabled: true
  type: postgresql
  existingSecret:
    enabled: true
    secretName: nextcloud-app
    usernameKey: username
    passwordKey: password
    hostKey: host
    databaseKey: dbname
cronjob:
  enabled: false
securityContext:
  runAsUser: 101
  runAsGroup: 101
  runAsNonRoot: true
  readOnlyRootFilesystem: false
rbac:
  enabled: true
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 2Gi
  nextcloudData:
    enabled: true
    accessMode: ReadWriteOnce
    size: 2Gi
Here is the error message I have:
NOTICE: PHP message: {"reqId":"lcMimTNGqttkclzHolyC","level":3,"time":"May 15, 2024 15:06:18","remoteAddr":"10.0.1.19","user":"--","app":"remote","method":"GET","url":"/status.php","message":"Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php","userAgent":"kube-probe/1.27","version":"","exception":{"Exception":"OCP\\HintException","Message":"Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Config.php","line":143,"function":"writeData","class":"OC\\Config","type":"->","args":[]},{"file":"/var/www/html/lib/private/SystemConfig.php","line":147,"function":"setValue","class":"OC\\Config","type":"->","args":["instanceid","ocmo89c8aq3o"]},{"file":"/var/www/html/lib/private/legacy/OC_Util.php","line":843,"function":"setValue","class":"OC\\SystemConfig","type":"->","args":["instanceid","ocmo89c8aq3o"]},{"file":"/var/www/html/lib/base.php","line":448,"function":"getInstanceId","class":"OC_Util","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":711,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":1181,"function":"init","class":"OC","type":"::","args":[]},{"file":"/var/www/html/status.php","line":39,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Config.php","Line":279,"Hint":"Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php","message":"Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php","exception":{},"CustomMessage":"Configuration was not read or initialized correctly, not overwriting /var/www/html/config/config.php"}}
Won't it be possible to have more details to see what causes this error?
Is there a manual command that I can try to generate the config.php file?
@provokateurin and @wrenix could you please help look into this? I'm a little swamped with work right now, but it seems like this has continued to be a problem for a number of users and I haven't had too much time to dedicate to it.
Hmm, correct me @provokateurin if I am wrong, but the main problem is that Nextcloud creates and manages the config.php.
So I believe we should not overwrite or manage it in a Kubernetes way ... (in my opinion).
Yep the config.php should be freely writable by nextcloud (although it is possible to have it in a read-only mode with a special flag). Only additional configs can be mounted read-only by default.
I'm kind of facing the same issue too. Apparently the problem is the ownership of the created "subPath: config" which should be www-data (and not root). I think Kubernetes does not automatically apply the fsGroup (33 = www-data) settings to ConfigMap volumes in the same way it does for PVCs (for instance, I can see in my setup that the owner of the html subPath is www-data but the owner of the config subPath is root).
I set fsGroup to 33 in the podSecurityContext and it seems to work, even with mounted ConfigMaps.
Nextcloud has permissions in the config directory and creates the config.php during install. The mounted ConfigMaps are still owned by root, but as long as the config directory is writable by the www-data user, everything seems fine.
Helm values snippet:
nextcloud:
  podSecurityContext:
    fsGroup: 33
Maybe this should be the default in the chart values?
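The ownership point raised in the last comments (the config directory has to be writable by www-data, uid/gid 33, while mounted `*.config.php` files may stay read-only) can be checked from inside the pod. The script below is an added example, not part of the chart or of any commenter's post; its function names are made up here, and it assumes `stat -c` is available and looks only at owner, group and mode bits.

```shell
#!/bin/sh
# Added example, not part of the nextcloud chart. Function names are made up.
# Assumes `stat -c` (GNU coreutils or busybox). Only owner, group and mode
# bits are checked; read-only mounts and ACLs are not.

# can_write PATH UID GID: succeed if the mode bits let UID (or GID) write PATH.
can_write() {
    # -L follows symlinks, which is how ConfigMap files appear inside the pod.
    info=$(stat -L -c '%u %g %a' "$1") || return 1
    set -- "$2" "$3" $info          # now: $1=uid $2=gid $3=owner $4=group $5=mode
    mode=$((0$5))                   # parse the octal mode string
    if [ "$1" = "$3" ]; then bit=0200      # owner class applies
    elif [ "$2" = "$4" ]; then bit=0020    # group class (e.g. fsGroup)
    else bit=0002; fi                      # everyone else
    [ $(( $mode & $bit )) -ne 0 ]
}

# audit_config_dir DIR UID GID: print findings; return 1 if Nextcloud could
# not create or update config.php in DIR.
audit_config_dir() {
    dir=$1 uid=$2 gid=$3 rc=0
    if can_write "$dir" "$uid" "$gid"; then
        echo "OK   $dir is writable by $uid:$gid"
    else
        echo "FAIL $dir is not writable by $uid:$gid, config.php cannot be created"
        rc=1
    fi
    if [ ! -e "$dir/config.php" ]; then
        echo "INFO config.php is missing (Nextcloud writes it during install)"
    elif ! can_write "$dir/config.php" "$uid" "$gid"; then
        echo "FAIL config.php exists but is not writable by $uid:$gid"
        rc=1
    fi
    for f in "$dir"/*.config.php; do      # additional configs may be read-only
        [ -e "$f" ] || continue
        if can_write "$f" "$uid" "$gid"; then state=writable; else state=read-only; fi
        echo "INFO ${f##*/} is $state"
    done
    return "$rc"
}

# Inside the pod: sh audit.sh /var/www/html/config 33 33   (33 = www-data)
if [ "$#" -ge 3 ]; then audit_config_dir "$1" "$2" "$3"; fi
```

A FAIL on the directory line corresponds to the root-owned config subPath described above; with `fsGroup: 33` applied the same call should report the directory as writable.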