Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync config files from nextcloud/docker repo; Add S3/Swift object storage config; Add S3 ci test; Add nextcloud.trustedDomains #464

Merged
merged 5 commits into from
Jul 26, 2024

Conversation

jessebot
Copy link
Collaborator

@jessebot jessebot commented Nov 8, 2023

Description of the change

  • Updates the following files to match the upstream nextcloud/docker config files:
    • charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl
    • charts/nextcloud/files/defaultConfigs/redis.config.php.tpl
    • charts/nextcloud/files/defaultConfigs/reverse-proxy.config.php.tpl 🆕
    • charts/nextcloud/files/defaultConfigs/s3.config.php.tpl 🆕
    • charts/nextcloud/files/defaultConfigs/smtp.config.php.tpl
    • charts/nextcloud/files/defaultConfigs/swift.config.php.tpl 🆕
    • charts/nextcloud/files/defaultConfigs/upgrade-disable-web.config.php.tpl 🆕

Note

If you were already manually providing s3.config.php, reverse-proxy.config.php, swift.config.php, or upgrade-disable-web.config.php, you can disable us deploying a default file for you by setting the respective nextcloud.defaultConfigs.FILE to false. For instance, to disable the default s3.config.php, you would set nextcloud.defaultConfigs.s3.config.php=false.

  • Adds nextcloud.objectStore.s3 to use S3 for primary storage:

    click me for new nextcloud.objectStore.s3 values
    nextcloud:
      objectStore:
        s3:
          enabled: false
          # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
          accessKey: ""
          # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
          secretKey: ""
          # use legacy auth method
          legacyAuth: false
          # s3 endpoint to use; only required if you're not using AWS
          host: ""
          # use TLS/SSL for S3 connections
          ssl: true
          # default port that can be changed based on your object store, e.g. for minio, you can use 9000
          port: "443"
          # this is the default in the nextcloud docs
          region: "eu-west-1"
    provokateurin marked this conversation as resolved.
          # required if using s3, the name of the bucket you'd like to use
          bucket: ""
          # object prefix in bucket
          prefix: ""
          # set to true if you are not using DNS for your buckets.
          usePathStyle: false
          # autocreate the bucket
          autoCreate: false
          # optonal parameter: you probably want to keep this as default
          storageClass: "STANDARD"
          # server side encryption key. learn more: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#s3-sse-c-encryption-support
          sse_c_key: ""
          # use an existingSecret for S3 credentials. If set, we ignore the following under nextcloud.objectStore.s3
          # endpoint, accessKey, secretKey
          existingSecret: ""
          secretKeys:
            # key in nextcloud.objectStore.s3.existingSecret to use for s3 endpoint
            host: ""
            # key in nextcloud.objectStore.s3.existingSecret to use for s3 accessKeyID
            accessKey: ""
            # key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey
            secretKey: ""
            # key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket
            bucket: ""
            # key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key
            sse_c_key: ""
  • Adds nextcloud.objectStore.swift to use OpenStack Swift for primary storage:

    click me for new nextcloud.objectStore.swift values
    nextcloud:
      objectStore:
        ## options related to using Swift as a primary object storage 
        swift:
          enabled: false
          # swift user info
          user:
            domain: "Default"
            name: ""
            password: ""
          # swift project info
          project:
            name: ""
            domain: "Default"
          # The Identity / Keystone endpoint
          url: ""
          region: ""
          # optional on some swift implementations
          service: "swift"
          # the container to store the data in
          container: ""
          # autocreate container
          autoCreate: false
  • adds a new ci test_case for enabling S3 as a primary object store

    • includes installing MinIO conditionally using the community MinIO helm chart
    • includes a k8s test job to upload a file conditionally
  • adds nextcloud.trustedDomains as a helm parameter. Takes a list that, if set, we then template out to a space separated list. Otherwise, we still use our default templating for that parameter (which uses nextcloud.host)

  • rename run-tests job to test since the job before it is just called lint and it keeps the check names from truncating as much in the following view (can't be longer than 30 characters):
    Screenshot of the nextcloud/helm github actions workflow summary showing the names of each matrix strategy test case jobs being truncated to 30 characters

Benefits

This lets users use both nextcloud.configs and still use the nextcloud/docker auto configuration via environment variables. Prior to this change, you had to use one or the other when it came to s3 as primary object storage.

Possible drawbacks

not sure 🤷 but always open to feedback :)

Applicable issues

Checklist

@jessebot jessebot self-assigned this Nov 8, 2023
@jessebot jessebot added the 3. to review Waiting for reviews label Nov 8, 2023
@jessebot
Copy link
Collaborator Author

Since it's taking a bit for my PR to be merged upstream, I'll try to spend some time on this later today to get it ready for merge without the encryption feature to start with.

Perhaps it also makes sense to have a nextcloud.objectStore.s3 section in the values.yaml like (maybe in a second PR as I'd need to play with the deployment template and add an s3 secret):

nextcloud:
  objectStore:
    s3:
      enabled: true
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      accessKey: ""
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      secretKey: ""
      # only required if you're not using AWS
      endpoint: ""
      # default port that can be changed based on your object store, e.g. for minio, you can use 9000
      port: "443"
      # this is the default in the nextcloud docs
      region: "eu-west-1"
      bucket: ""
      ssl: true
      # set to true if you are not using DNS for your buckets.
      usePathStyle: false
      existingSecret: ""

charts/nextcloud/README.md Outdated Show resolved Hide resolved
@jessebot
Copy link
Collaborator Author

I've removed the encryption key setting for now, so this could still be merged, but I haven't tested this, so it should still wait another week or two while I make sure it works without the encryption key.

@jessebot jessebot added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Nov 20, 2023
@jessebot jessebot removed the request for review from provokateurin November 20, 2023 11:23
@NikoKS
Copy link

NikoKS commented Feb 21, 2024

any plan for this to be merged?

@NikoKS
Copy link

NikoKS commented Mar 4, 2024

any blocker to this @jessebot

@jessebot
Copy link
Collaborator Author

No, I just was just really busy before. Let me take a look at the code now and see what's left to be done here :)

@jessebot
Copy link
Collaborator Author

gonna take a peak locally and push up some changes as nextcloud/docker#2151 was merged so we now have encryption as well :)

@jessebot jessebot requested a review from provokateurin July 22, 2024 11:19
@jessebot jessebot added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jul 22, 2024
@jessebot
Copy link
Collaborator Author

jessebot commented Jul 22, 2024

This should be ready for review now :) Unless #480 gets merged first, then I need to update this PR again.

@provokateurin
Copy link
Member

I'd rather wait for the other PR, it has been open so long already.

@jessebot
Copy link
Collaborator Author

Sounds good to me :)

@jessebot jessebot removed the 3. to review Waiting for reviews label Jul 24, 2024
@jessebot
Copy link
Collaborator Author

As discussed in #480, I will refactor this to use the new config file format and then we can review and merge.

@jessebot jessebot added the 2. developing Work in progress label Jul 24, 2024
@jessebot jessebot marked this pull request as draft July 24, 2024 08:15
@jessebot jessebot force-pushed the add-s3-default-configs branch from a48b146 to 7fe9a3c Compare July 24, 2024 08:32
@jessebot
Copy link
Collaborator Author

Actually, in the interest of resolving #477, should I just go ahead and add the following to the values?

nextcloud:
  objectStore:
    s3:
      enabled: true
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      accessKey: ""
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      secretKey: ""
      # only required if you're not using AWS
      endpoint: ""
      # default port that can be changed based on your object store, e.g. for minio, you can use 9000
      port: "443"
      # this is the default in the nextcloud docs
      region: "eu-west-1"
      bucket: ""
      ssl: true
      # set to true if you are not using DNS for your buckets.
      usePathStyle: false
      existingSecret: ""

Open to suggestions and feedback on better organizing this, but it feels like we could accommodate this, rather than making users manually set the env vars?

@provokateurin
Copy link
Member

How about adding the other missing configs (especially https://github.com/nextcloud/docker/blob/master/.config/upgrade-disable-web.config.php) and checking if the other ones are up-to-date?

@jessebot jessebot changed the title Update config files to match upstream nextcloud/docker repo; Add default S3/Swift object storage config; Add S3 ci test; Add nextcloud.trustedDomains Sync config files from nextcloud/docker repo; Add S3/Swift object storage config; Add S3 ci test; Add nextcloud.trustedDomains Jul 25, 2024
@jessebot jessebot force-pushed the add-s3-default-configs branch 2 times, most recently from bb77a8b to 84c9f37 Compare July 25, 2024 08:28
@jessebot
Copy link
Collaborator Author

OK! This is finally ready for review, @provokateurin :)

Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you try to separate the changes into a few commits e.g.:

  1. update existing config files
  2. add new/missing config files
  3. add s3 and swift values.yaml
  4. add s3 test

It doesn't need to be exactly these commits, but if anything here breaks something down the road it will be a lot easier to bisect if it's not a single commit.

.github/workflows/lint-test.yaml Show resolved Hide resolved
@provokateurin
Copy link
Member

Very nice work btw ❤️

@jessebot
Copy link
Collaborator Author

Could you try to separate the changes into a few commits e.g.:

  1. update existing config files

  2. add new/missing config files

  3. add s3 and swift values.yaml

  4. add s3 test

It doesn't need to be exactly these commits, but if anything here breaks something down the road it will be a lot easier to bisect if it's not a single commit.

Sure, I can do that when I get home later. I assumed you'd ask for it to be in all one commit, so I did this to solve that, but also, since we typically do a squash and merge, does this mean you'd like me to do a normal merge commit after I finish teasing apart the commits? Happy to do it, just making sure :)

@provokateurin
Copy link
Member

Well I prefer a clean history where every commit has a purpose and does only one thing. So neither fixup commits nor mega commits are great, just smallish concrete ones.

jessebot added 5 commits July 25, 2024 19:32
Synchronizes default config.php files from nextcloud/docker to add file env vars:

- Redis: Adds REDIS_HOST_PASSWORD_FILE, cleans up formatting to match upstream

- Autoconfig: Adds MYSQL_DATABASE_FILE, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE, POSTGRES_DB_FILE, POSTGRES_USER_FILE, and POSTGRES_PASSWORD_FILE

- smtp: adds SMTP_PASSWORD_FILE

Signed-off-by: jessebot <[email protected]>
…ameters

- also updates README and values.yaml examples

Signed-off-by: jessebot <[email protected]>
Adding this directly helps with setting multiple values via helm parameters, instead of needing to pass in a whole config file.

Signed-off-by: jessebot <[email protected]>
- Tests enabling bare minimum parameters to use S3 Object store as your primary storage.

- Spin up a small MinIO instance to test that uploading a file via DAV actually creates the nextcloud storage bucket and puts the file into it.

- Also changes main test name from run-tests to test

Signed-off-by: jessebot <[email protected]>
@jessebot jessebot force-pushed the add-s3-default-configs branch from 84c9f37 to c209445 Compare July 25, 2024 17:41
@jessebot jessebot requested a review from provokateurin July 25, 2024 17:43
@jessebot
Copy link
Collaborator Author

jessebot commented Jul 25, 2024

OK, I think all the commits are reasonable now. It took me kind of a while to get it together, because splitting a commit can't really be done in any easy way, but like, we should be good now!

Oh, when merging, do you want to do a "merge commit" or "rebase and merge"?

@provokateurin
Copy link
Member

Merge commit ;)

But honestly do what you find best, as long as it works for you 🤷‍♀️

@jessebot
Copy link
Collaborator Author

Okie dokie. I still need an approval, but then we can get this out the door :)

@jessebot jessebot added the CI/CD Anything to do with continuous integration or continuous deployment or release automation. label Jul 26, 2024
Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for all the care you put into this! Also reviewing the changes was super easy now with the split commits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3. to review Waiting for reviews CI/CD Anything to do with continuous integration or continuous deployment or release automation. S3 Anything to do with S3 object storage
Projects
None yet
3 participants