2 changes: 1 addition & 1 deletion charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: nextcloud
version: 6.6.9
version: 6.6.10
# renovate: image=docker.io/library/nextcloud
appVersion: 30.0.6
description: A file sharing server that puts the control and security of your own data back into your hands.
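Review bot: The bump from 6.6.9 to 6.6.10 is a patch-level change, which only holds if the refactor in the other files renders the same Deployment as before. Both inline container blocks are replaced by the shared nextcloud.container helper in this change, so attach a before/after `helm template` diff (with cronjob.enabled both true and false) to the PR to back the patch bump with identical output.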
45 changes: 45 additions & 0 deletions charts/nextcloud/templates/_helpers.tpl
Expand Up @@ -431,4 +431,49 @@ app.kubernetes.io/managed-by: {{ .rootContext.Release.Service }}
{{- with .rootContext.Chart.AppVersion }}
app.kubernetes.io/version: {{ quote . }}
{{- end }}
{{- end -}}

{{/*
Create nextcloud container definition for deployment and cronjob.
Pass these parameters in the dict:
- containerName: name of the container
- context: Pointer to the context in the values.yaml where "lifecycle, resources" can be found
- securityContext: Pointer to the securityContext in the values.yaml
- rootContext: $ (Inside a template the scope changes, i.e. you cannot access variables of the parent context or its parents.
Unfortunately this is also the case for the root context, this means .Values, .Release, .Chart cannot be accessed.
However the other templates need values from the objects. That's why the caller has to pass on reference to the root context which this template in turn passes on.)
*/}}
{{- define "nextcloud.container" -}}
- name: {{ .containerName }}
image: {{ include "nextcloud.image" .rootContext }}
imagePullPolicy: {{ .rootContext.Values.image.pullPolicy }}
{{- if .context.command }}
Collaborator

Use with instead of if

command:
{{- toYaml .context.command | nindent 4 }}
{{- end }}
{{- with .context.lifecycle }}
lifecycle:
{{- with .postStartCommand }}
postStart:
exec:
command:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .preStopCommand }}
preStop:
exec:
command:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
env:
{{- include "nextcloud.env" .rootContext | nindent 4 }}
resources:
{{- toYaml .context.resources | nindent 4 }}
{{- with .securityContext }}
securityContext:
{{- toYaml . | nindent 4 }}
{{- end }}
volumeMounts:
{{- include "nextcloud.volumeMounts" .rootContext | trim | nindent 4 }}
{{- end -}}
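Review bot: The doc comment describes context as the place where "lifecycle, resources" can be found, but the body also reads `.context.command` in `{{- if .context.command }}`, so the documented parameter list is incomplete. Add command to the listed keys and state that it is optional. In the same template, `resources:` is emitted unconditionally from `.context.resources` while securityContext is wrapped in `with`; guarding resources the same way would avoid an empty or null `resources:` key when a caller passes a context without it.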
62 changes: 4 additions & 58 deletions charts/nextcloud/templates/deployment.yaml
Expand Up @@ -49,34 +49,8 @@ spec:
{{- end}}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "nextcloud.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.lifecycle }}
lifecycle:
{{- with .postStartCommand }}
postStart:
exec:
command:
{{- toYaml . | nindent 18 }}
{{- end }}
{{- with .preStopCommand }}
preStop:
exec:
command:
{{- toYaml . | nindent 18 }}
{{- end }}
{{- end }}
env:
{{- include "nextcloud.env" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nextcloud.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- include "nextcloud.volumeMounts" . | trim | nindent 12 }}
{{- $containerName := .Chart.Name }}
{{- include "nextcloud.container" ( dict "containerName" $containerName "securityContext" .Values.nextcloud.securityContext "rootContext" $ "context" .Values ) | nindent 8 }}
{{- range $hook, $shell := .Values.nextcloud.hooks }}
{{- if $shell }}
- name: nextcloud-hooks
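Review bot: Passing the whole `.Values` as context in the `include "nextcloud.container"` call means the helper's `.context.command` now resolves to a top-level `command` key in values.yaml, which the removed inline block never read. Anyone who has such a key set, or sets it later, would override the app container's command without that being a documented option. Pass a narrower dict built only from `.Values.lifecycle` and `.Values.resources`, or document `command` as a supported value.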
Expand Down Expand Up @@ -241,36 +215,8 @@ spec:
{{- end }}
{{- end }}{{/* end-if nginx.enabled */}}
{{- if .Values.cronjob.enabled }}
- name: {{ .Chart.Name }}-cron
image: {{ include "nextcloud.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
{{- toYaml .Values.cronjob.command | nindent 12 }}
{{- with .Values.cronjob.lifecycle }}
lifecycle:
{{- with .postStartCommand }}
postStart:
exec:
command:
{{- toYaml . | nindent 18 }}
{{- end }}
{{- with .preStopCommand }}
preStop:
exec:
command:
{{- toYaml . | nindent 18 }}
{{- end }}
{{- end }}
env:
{{- include "nextcloud.env" . | nindent 12 }}
resources:
{{- toYaml .Values.cronjob.resources | nindent 12 }}
{{- with .Values.cronjob.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- include "nextcloud.volumeMounts" . | trim | nindent 12 }}
{{- $containerName := printf "%s-cron" .Chart.Name }}
{{- include "nextcloud.container" ( dict "containerName" $containerName "securityContext" .Values.cronjob.securityContext "rootContext" $ "context" .Values.cronjob ) | nindent 8 }}
Collaborator

Why do we need securityContext if we already have context?

Collaborator @wrenix, Mar 18, 2025

Oh, I see -> would you like to move the values.yaml (and make a breaking change / bump to major)?

Reminds me of #379 (comment)

Contributor Author

@wrenix If it's okay for you I'd rather remove the securityContext for the app container (as it is deprecated anyhow).

As for the major version - I hope you remember that my actual goal is to move the cron sidecar to a Kubernetes CronJob.

  • Do you think the Kubernetes Cronjob has a chance to make its way into this chart?
  • If so, does it make sense to combine these two changes in one new major version?
  • What do you propose on how to proceed?

Contributor Author

@wrenix Any answer to my questions?

Contributor

Might be unrelated, but securityContext is not deprecated, right?

One more important thing to know about PodSecurityPolicy: it’s not the same as PodSecurityContext.

A part of the Pod specification, PodSecurityContext (and its per-container counterpart SecurityContext) is the collection of fields that specify many of the security-relevant settings for a Pod. The security context dictates to the kubelet and container runtime how the Pod should actually be run. In contrast, the PodSecurityPolicy only constrains (or defaults) the values that may be set on the security context.

The deprecation of PSP does not affect PodSecurityContext in any way.
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/

{{- end }}{{/* end-if cronjob.enabled */}}
{{- with .Values.nextcloud.extraSidecarContainers }}
{{- toYaml . | nindent 8 }}
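Review bot: The removed cron block always rendered `command:` from `.Values.cronjob.command`, while the new include relies on the helper's `if .context.command` guard, so an empty cronjob.command now silently drops the key and the sidecar starts with the image's default entrypoint instead of the configured cron command. Fail rendering when cronjob.enabled is true and cronjob.command is empty, for example with `required`, or keep the command unconditional for this call site. The separate `"securityContext" .Values.cronjob.securityContext` argument should stay explicit: the helper only emits securityContext from that argument, so it is the single place where the sidecar's container-level hardening is wired in.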