helm icon indicating copy to clipboard operation
helm copied to clipboard
verified publisher icon nextcloud

Feature: Use CronJob resources instead of a container with crond

Open pschichtel opened this issue 1 year ago • 12 comments

Description of the change

I would like to use k8s' CronJob resources to run nextcloud's cronjob tasks instead of having them executed by the cron container.

Benefits

  • easier to add new cronjobs (e.g. for certain apps like image preview pre generation or duplicate detection)
  • more/easier insight into failed cronjobs through cluster monitoring
  • separate resource limits when multiple cronjobs are configured

Possible drawbacks

I'm not entirely clear on how this might interact with nextcloud during upgrades, but I don't think it changes much compared to the status quo.

Additional information

pschichtel avatar May 31 '24 11:05 pschichtel

Some long time ago this was how the crons were implemented, but it had quite some problems which I don't remember anymore. Please search in the issues and PRs of this repo to dig up the history of this. If the problems can be avoided now it definitely makes sense to use the k8s cron instead.

provokateurin avatar May 31 '24 11:05 provokateurin

I've found quite a few issues related to cronjobs, but I haven't found any that would suggest an issue with running them as CronJob resources. The cronjob resource used curl to invoke webcron, I can imagine how this could cause various issues like network timeouts. My intent would be to use the same nextcloud/docker image and run the same command the current cron container uses as well.

History of the cronjob.yaml: https://github.com/nextcloud/helm/commits/main/charts/nextcloud/templates/cronjob.yaml

pschichtel avatar May 31 '24 12:05 pschichtel

I guess that makes sense, just execute the cron.php script which can not timeout instead of using curl which can timeout. I wonder why nobody thought about this :sweat_smile:

provokateurin avatar May 31 '24 12:05 provokateurin

If I were to submit a PR to implement this: Should I keep the current cron mechanism around (e.g. introduce an option to select sidecar vs cronjob)?

pschichtel avatar May 31 '24 12:05 pschichtel

I don't think that would be necessary as there is no real breaking change, as long as you use the same container image and mount all the same volumes etc. You're effectively switching https://github.com/nextcloud/docker/blob/13f51c4f70676edb464ce5ea03631403b54623df/29/fpm/Dockerfile#L18 against the k8s Cronjob resource. @jessebot what do you think?

provokateurin avatar May 31 '24 12:05 provokateurin

Yeah, I like the idea of this being a k8s cronjob 👍 I don't see a big a deal with removing the cron container either.

jessebot avatar May 31 '24 12:05 jessebot

This also allows proper scaling of nextcloud pod, as scaling cron container is a bad idea.

JuniorJPDJ avatar Aug 02 '24 13:08 JuniorJPDJ

Not really, you can have as many cron jobs concurrently as you want (especially useful and necessary on large instances). 1:1 scaling of server and cron is probably a bad idea though as the resource usages are different.

provokateurin avatar Aug 02 '24 13:08 provokateurin

fyi I still have this on my todo, the last few weeks where a little busy.

pschichtel avatar Aug 02 '24 13:08 pschichtel

Another use case for a Kubernetes CronJob is to run the cron container as a non-root user, because at the moment this doesn't seem possible (see this issue)

keliansb avatar Oct 10 '24 07:10 keliansb

@pschichtel / @provokateurin Is https://github.com/nextcloud/helm/pull/703 something in the direction you would have expected? My major aspect is to run Nextcloud without root privileges as described by @keliansb . Feel free to give feedback.

MartinKirchner avatar Mar 03 '25 14:03 MartinKirchner

@MartinKirchner yep, I was thinking of similar changes. I was actually planning to tackle it soon, I can provide some feedback on the PR.

pschichtel avatar Mar 03 '25 15:03 pschichtel