nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0

Add ExtraVolumes for Cronjob Container #597

Closed VonNao closed 4 months ago

VonNao commented 4 months ago

Describe your Issue

Nextcloud uses a central LDAP/AD for user management. The connection between Nextcloud and the AD is protected by LDAPS. The AD uses our internal CA for LDAPS. The cronjob seems to check the LDAPS connections, which fails because of the missing CA in the internal truststore.

Logs and Errors

Main LDAP not reachable, connecting to backup

ServerNotAvailableException Lost connection to LDAP server. Error while running background job OCA\Settings\BackgroundJobs\VerifyUserData

Describe your Environment

Idea

Would it be possible to add extra volume mounts to the cronjob container as well?

jessebot commented 4 months ago

Sure, if you or any other community members would like, please submit a PR for this, and we'll get it reviewed :) Be sure to read the CONTRIBUTING.md docs, and please feel free to ask us any questions. 🙏

VonNao commented 4 months ago

Checked the gotemplates and realised that the mounts are also carried over to the cronjob container. The only thing missing was the post lifecycle command:

cronjob:
  enabled: true
  lifecycle:
    postStartCommand: 
      - "update-ca-certificates"

Everything works as expected now!

grzleadams commented 1 month ago

> Checked the gotemplates and realised that the mounts are also carried over to the cronjob container. The only thing missing was the post lifecycle command
>
> cronjob:
>   enabled: true
>   lifecycle:
>     postStartCommand:
>       - "update-ca-certificates"
>
> Everything works as expected now!

I feel like it would be beneficial to document that the postStartCommand is also needed on the cron container. I spent a ton of time troubleshooting failing background jobs and it was because I'd only set postStartCommand on the nextcloud container, so we were getting SSL-related LDAP failures (although, at the time, it was unclear that this was the cause). I naively assumed that LDAP operations would be handled on the Nextcloud container and only the jobs would kick out to the cron container, but it seems like the cron container does a bunch of LDAP calls itself.

Either way, thank you so much for closing the loop and posting your solution here!

jessebot commented 1 month ago

@grzleadams we're always happy to accept updates to the documentation in the README and/or the values.yaml file. Please feel free to submit a PR :)
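
The configuration this thread converges on, as an added example that is not part of the original thread or the chart's documentation: the internal CA is mounted once, and the trust store is rebuilt in both the Nextcloud container and the cron container. Only `cronjob.lifecycle.postStartCommand` appears in the thread; the `nextcloud.extraVolumes`, `nextcloud.extraVolumeMounts` and top-level `lifecycle.postStartCommand` key paths are assumptions to check against the chart's values.yaml, and the ConfigMap name `internal-ca` and file name `internal-ca.crt` are constructed.

```yaml
# Added example. Constructed names: ConfigMap "internal-ca" with the key
# "internal-ca.crt" holding the internal CA certificate in PEM format.
nextcloud:
  extraVolumes:
    - name: internal-ca
      configMap:
        name: internal-ca
  extraVolumeMounts:
    - name: internal-ca
      # update-ca-certificates picks up *.crt files from this directory.
      mountPath: /usr/local/share/ca-certificates/internal-ca.crt
      subPath: internal-ca.crt
      readOnly: true

# Main Nextcloud container (assumed key path): rebuild the trust store
# after start so LDAPS connections validate against the internal CA.
lifecycle:
  postStartCommand:
    - "update-ca-certificates"

cronjob:
  enabled: true
  # Per the thread, the mounts above are carried over to the cron container,
  # but each container has its own trust store. Leaving this block out is the
  # failure mode described above: the CA file is present, never trusted, and
  # background jobs fail with "Lost connection to LDAP server".
  lifecycle:
    postStartCommand:
      - "update-ca-certificates"
```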