
Migrate the cron container from sidecar to K8s CronJob

Open MartinKirchner opened this issue 9 months ago • 5 comments

Description of the change

With this change we no longer deploy a sidecar container to execute the cronjob; instead we deploy a Kubernetes CronJob object.

Benefits

  • For me this has the major advantage that the CronJob can run as user www-data (uid 33) and execute the php command directly whereas crond in the sidecar has to run as root since otherwise the impersonation of user www-data fails (crond: can't set groups: Operation not permitted).
  • History of failed and successful executions
  • Apart from that, I think it is also more robust if the container fails for some reason.

Possible drawbacks

None obvious to me.

Applicable issues

  • fixes #577

Additional information

Checklist

MartinKirchner avatar Mar 03 '25 14:03 MartinKirchner
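
A minimal CronJob manifest showing the non-root execution and run history described in the PR above, as an added example that is not part of the pull request or the chart's templates. The object name, image tag, schedule, `cron.php` path and PVC name are assumptions.

```yaml
# Constructed example: names, image tag, schedule and PVC are placeholders.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nextcloud-cron                  # hypothetical name
spec:
  schedule: "*/5 * * * *"               # assumed schedule
  concurrencyPolicy: Forbid             # skip a run while the previous one is still active
  successfulJobsHistoryLimit: 3         # finished Jobs kept as history of successful runs
  failedJobsHistoryLimit: 5             # finished Jobs kept as history of failed runs
  jobTemplate:
    spec:
      backoffLimit: 0                   # a failed run is recorded as failed, not retried
      template:
        spec:
          restartPolicy: Never
          securityContext:
            runAsNonRoot: true          # kubelet refuses to start the pod as uid 0
            runAsUser: 33               # www-data, as in the PR description
            runAsGroup: 33
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: cron
              image: nextcloud:PLACEHOLDER_TAG            # placeholder image tag
              # php is executed directly as uid 33; no crond, so no setgroups() call as root
              command: ["php", "-f", "/var/www/html/cron.php"]   # assumed path
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
              volumeMounts:
                - name: data
                  mountPath: /var/www/html
          volumes:
            - name: data
              persistentVolumeClaim:
                claimName: nextcloud-data                 # hypothetical PVC name
```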

One concern that I had while originally thinking about the implementation: This would allow the cronjob to run even while the rest of nextcloud is not running (e.g. during upgrades). I'm not entirely sure if this is actually a problem, but worth checking what the implications are. I'm also not entirely sure if the current setup properly handles this in all cases.

pschichtel avatar Mar 03 '25 15:03 pschichtel

> One concern that I had while originally thinking about the implementation: This would allow the cronjob to run even while the rest of nextcloud is not running (e.g. during upgrades). I'm not entirely sure if this is actually a problem, but worth checking what the implications are. I'm also not entirely sure if the current setup properly handles this in all cases.

Thanks for this thought. But I think using the CronJob is not worse (maybe better) than the current state. Yes, it might happen that a CronJob is executed while a new, updated pod is deployed and potentially migrates the data model. But I have no idea how to avoid this one way or the other.

MartinKirchner avatar Mar 04 '25 13:03 MartinKirchner

I did come across a few apps that ask their users to set up additional cronjobs; I wonder if that could be supported.

pschichtel avatar Mar 05 '25 00:03 pschichtel

> I did come across a few apps that ask their users to set up additional cronjobs; I wonder if that could be supported.

With the configurable command you can do basically whatever you want to, e.g. chain several commands, mount a script and execute this, ...

MartinKirchner avatar Mar 05 '25 06:03 MartinKirchner

> With the configurable command you can do basically whatever you want to, e.g. chain several commands, mount a script and execute this, ...

Everything except have them run on different schedules. But I guess that can really be a follow-up change if needed.

pschichtel avatar Mar 09 '25 01:03 pschichtel

Great change! Good to see that.

JuniorJPDJ avatar Apr 17 '25 00:04 JuniorJPDJ

> Great change! Good to see that.

@JuniorJPDJ Unfortunately, I don't get any signs from the maintainers whether they will accept the switch to a Kubernetes CronJob in the end (see https://github.com/nextcloud/helm/pull/712/files#r2000401925). So I am sort of stuck with my changes.

MartinKirchner avatar Apr 18 '25 09:04 MartinKirchner

@Manuelraa Thanks for addressing this design flaw and solving my issue with your fix.

MartinKirchner avatar Sep 23 '25 12:09 MartinKirchner