Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setting nextcloud.objectStore.s3.legacyAuth is not being set as string env var #637

Closed
yaleman opened this issue Sep 25, 2024 · 8 comments · Fixed by #638
Closed

Setting nextcloud.objectStore.s3.legacyAuth is not being set as string env var #637

yaleman opened this issue Sep 25, 2024 · 8 comments · Fixed by #638
Assignees
Labels
2. developing Work in progress bug Something isn't working S3 Anything to do with S3 object storage

Comments

@yaleman
Copy link

yaleman commented Sep 25, 2024

Describe your Issue

Set value of nextcloud.objectStore.s3.legacyAuth to "true" or "false" or "yes" or "no" (note, string values) and it ends up as a bool when being set in the provider:

Logs and Errors

json: cannot unmarshal bool into Go struct field EnvVar.spec.template.spec.containers.env.value of type string

Describe your Environment

  • Kubernetes distribution: kss

  • Helm Version (or App that manages helm): tofu

OpenTofu v1.8.2
on darwin_arm64
+ provider registry.opentofu.org/carlpett/sops v1.1.1
+ provider registry.opentofu.org/hashicorp/helm v2.15.0
+ provider registry.opentofu.org/hashicorp/kubernetes v2.32.0
  • Helm Chart Version: 6.0.2

  • values.yaml:

# paste your values.yaml (anonymize any sensitive data)

Additional context, if any

I'm trying to configure minio as an s3 backing store, if there's a better path I'm happy to follow it 😄

Setting it to "test" works fine. Other settings like this work fine too, just not legacyAuth:

 set {
    name  = "nextcloud.objectStore.s3.enabled"
    value = "true"
  }
@jessebot
Copy link
Collaborator

Thanks for reporting this! I think it's because this needs to be quoted:

{{- with .Values.nextcloud.objectStore.s3.legacyAuth }}
- name: OBJECTSTORE_S3_LEGACYAUTH
value: {{ . }}
{{- end }}

so I think I need to submit a PR to change it to:

{{- with .Values.nextcloud.objectStore.s3.legacyAuth }}
- name: OBJECTSTORE_S3_LEGACYAUTH
  value: {{ . | quote }}
{{- end }}

I'll get on that :)

@jessebot jessebot added 1. to develop Accepted and waiting to be taken care of bug Something isn't working S3 Anything to do with S3 object storage labels Sep 25, 2024
@jessebot jessebot self-assigned this Sep 25, 2024
@jessebot jessebot added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels Sep 25, 2024
@jessebot
Copy link
Collaborator

This was automatically closed by #638, but can you give a try and make sure it's working now? :)

@yaleman
Copy link
Author

yaleman commented Sep 30, 2024

Thanks @jessebot it does seem to have solved the issue, but I'm still very confused as to how to get Minio working as an S3 backend. Have you any direction on this one?

FWIW, nextcloud.objectStore.s3.autoCreate is supposedly set by default to false according to the docs, but it's throwing 403's about creating the bucket... which seems to indicate another issue.

@jessebot
Copy link
Collaborator

@yaleman this may be an issue where you need to set verify_bucket_exists to false which is mentioned in the docs, however that won't be supported in this chart until #614 is merged, which is blocked by nextcloud/docker#2271 (@joshtrichards set the milestone for this to be Nextcloud 30.0.2 so perhaps we can expect it for 30.0.2).

In the meantime, you could use the include your own env var and pass in a custom config like this one:
https://github.com/nextcloud/docker/blob/0f899fe772b179e65fdb0bc77933d2c53b2724f7/.config/s3.config.php#L29

Let me know if you need any other help :)

@yaleman
Copy link
Author

yaleman commented Oct 20, 2024

The next issue is that it's returning HTTP urls when accessing it via HTTPS, so most of the page assets won't load. I'm not using the helm chart to do the certs/TLS, how do I tell it to fix that?

@jessebot
Copy link
Collaborator

The next issue is that it's returning HTTP urls when accessing it via HTTPS, so most of the page assets won't load. I'm not using the helm chart to do the certs/TLS, how do I tell it to fix that?

The word "it" is used a lot here, but I'm not sure what "it" is. 🤔 What error are you getting exactly and from where?

There is a use_ssl option you can set for s3, but if you're asking about ssl for minio, you need to consult the minio chart.

If you're asking about SSL for nextcloud itself, you could do that via nginx + cert-manager. The way I do certs via the values.yaml is like this:

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'

@yaleman
Copy link
Author

yaleman commented Oct 21, 2024

Sorry "it" is the Nextcloud stack, which is responding with http URLs in the HTML responses, so it fails to load things like CSS. I'll have to test the above when I can thanks.

@jessebot
Copy link
Collaborator

Sorry "it" is the Nextcloud stack, which is responding with http URLs in the HTML responses, so it fails to load things like CSS. I'll have to test the above when I can thanks.

hmmm, I haven't run into that issue before, but let us know how it goes! If minio is using https traffic, and so is nextcloud, you should be good to go, but if not, I can try to take a look at both your nextcloud and minio values files and see what may be up. A reminder that I do this in my spare time, so if I drop off on responses for a bit, it's not you, and I will eventually come back around and take a look.

Others in the community are also always free to chime in 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2. developing Work in progress bug Something isn't working S3 Anything to do with S3 object storage
Projects
None yet
2 participants