-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redis config customizations superseded by builtin environment variables #568
Comments
Hoi! Looks like redis host is templated here: helm/charts/nextcloud/templates/_helpers.tpl Lines 215 to 231 in 1ae7421
And the redis config is templated here if you're using default (which you're not): helm/charts/nextcloud/templates/config.yaml Lines 32 to 48 in 1ae7421
And your custom redis config would be templated here: helm/charts/nextcloud/templates/config.yaml Lines 12 to 15 in 1ae7421
According to the above, it should allow your override, unless I'm missing something (which I could be). Digging a bit further into this... It looks like redis ssl support in nextcloud/server was added here 3 years ago: nextcloud/server@ed10d85 but it doesn't look like the The click for
|
This config: nextcloud:
defaultConfigs:
redis.config.php: false
configs:
redis.config.php: |-
<?php
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => "tls://nextcloud-wrapper-redis-master.default.svc.cluster.local",
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
'password' => getenv('REDIS_HOST_PASSWORD'),
'ssl_context' => [
'verify_peer_name' => false
'local_cert' => '/certs/redis.crt',
'local_pk' => '/certs/redis.key',
'cafile' => '/certs/ca.crt',
],
),
);
extraEnv:
- name: PHP_MEMORY_LIMIT
value: 4096M
- name: PHP_UPLOAD_LIMIT
value: 16G
###### Shelve for now - in case we want to try TLS again
- name: REDIS_HOST_PASSWORD
value: changeme!
redis:
architecture: standalone
enabled: true
auth:
enabled: false
password: changeme!
tls:
enabled: true
authClients: true
autoGenerated: true Produces this on the webpage itself
The good news is that the override is getting interpreted by nextcloud, but I guess it doesn't know what to do with |
But due to the fact that redis php is configured also here: and as you can see |
Ah. So fixing this would require changing the docker repo for dockerhub as well as this helm repo. Not sure where to open a feature request for this, or whether just this github issue will suffice |
Maybe we could add a way to override the entrypoint by mounting a ConfigMap ? |
re: the PHP session handler... Yes, that's configured in the image entrypoint. It's independent of Nextcloud's config since it's a PHP config matter, but it does pull from the same auto-config environment variables. IIRC though there may be some weirdness there... we'll need to research. If it's actually changed, their docs don't seem to reflect that: If it is possible, we can make a change in the image entrypoint to adapt to it. @Kaurin - 'ssl_context' => [
'verify_peer_name' => false
'local_cert' => '/certs/redis.crt',
'local_pk' => '/certs/redis.key',
'cafile' => '/certs/ca.crt',
], You're missing a comma after |
Describe your Issue
In my example I want to use TLS with the builtin redis. Config overrides get provisioned, but environmnet variables take precedence not allowing my config to use the
tls://
prefix. Instead, the defaulttcp://
prefix is used.Housekeeping
Clean setup, PVCs deleted
Config
Error
Error from
/var/www/html/data/nextcloud.log
(removed "Trace" and "Previous" to save space)Notice
tcp://
instead oftls://
Provisioned configs
Configs look good (not sure why doubled, but OK)
Output:
Environment variables
Environment variables seem to have precedence over configs, rendering configs useless.
Output (notice
tcp://
)Probable culprit
First, the env variables are populated in the helpers file
Then,
nextcloud.env
is used in nextcloud containersIf I am correct in saying that nextcloud favors env variables, then this helm chart approach probably has to be reworked so these customizations can actually take place.
Workaround
I thought I could just provision redis separately and just make sure to have the
REDIS_HOST_PASSWORD
inextraEnv
. Unfortunately, this doesn't work either (different error - Redis went away). The workaround might be possible, but I have given up on it for now and will just go without TLS for now.Conclusion
Would be nice if helm logic would allow us to override certain aspects of the redis config.
It would be even nicer if I'm completely wrong here and missing like one line of config :)
The text was updated successfully, but these errors were encountered: